Количество 2
Количество 2
CVE-2025-68436
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
GHSA-53vf-c43h-j2x9
Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68436 Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| GHSA-53vf-c43h-j2x9 Craft CMS vulnerable to potential information disclosure via unchecked asset relocation | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу