Vulnerabilities in getkirby
29 results

CVE-2026-32870 | MEDIUM | Kirby has XML injection in its XML creator toolkit | EPSS 0.3%
CVE-2026-34587 | HIGH | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering | EPSS 0.3%
CVE-2026-42137 | HIGH | Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog | EPSS 0.3%
CVE-2026-40099 | MEDIUM | Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter | EPSS 0.3%
CVE-2026-42174 | MEDIUM | Kirby: User avatar creation, replacement and deletion are not gated by user update permissions | EPSS 0.2%
CVE-2026-42069 | HIGH | Kirby: Read access to site, user and role information is not gated by permissions | EPSS 0.2%
CVE-2026-42051 | MEDIUM | Kirby: System API endpoint leaks license data and installed version to authenticated users | EPSS 0.2%
CVE-2026-21896 | MEDIUM | Kirby is missing permission checks in the content changes API | EPSS 0.2%
CVE-2025-65012 | MEDIUM | Kirby CMS has cross-site scripting (XSS) in the changes dialog | EPSS 0.2%