Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Craft CMS

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond.

Official Site:

https://craftcms.com/

Severity Summary:

Critical: 10 High: 32 Medium: 55
Reference
Title
Severity
CVE-2018-20465
Craft CMS Missing Encryption of Sensitive Data Vulnerability
High
CVE-2026-33157
Craft CMS Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) Vulnerability
High
CVE-2018-3814
Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2026-31857
Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2026-31858
Craft CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2022-37783
Craft CMS Missing Encryption of Sensitive Data Vulnerability
High
CVE-2026-32263
Craft CMS Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) Vulnerability
High
CVE-2021-41824
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability
High
CVE-2020-9757
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2022-29933
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2026-28696
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
High
CVE-2026-28695
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
High
CVE-2026-29069
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2026-28781
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2026-25496
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-33158
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2026-33159
Craft CMS Missing Authentication for Critical Function Vulnerability
Medium
CVE-2026-33160
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2026-33161
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2026-33051
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-27129
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2026-27127
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability
Medium
CVE-2026-31859
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-25494
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2026-25493
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2026-25492
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2026-27126
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-32262
Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2026-25491
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-27128
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability
Medium