[HIGH] Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI

PKSA-4wwj-2m42-9pp5 CVE-2024-52293 GHSA-f3cw-hg6r-chfv

Affected version: >=5.0.0-RC1,<=5.4.2|>=4.0.0-RC1,<=4.12.1

Reported by:
GitHub

[HIGH] Craft CMS Arbitrary System File Read

PKSA-jkbm-w624-yb7q CVE-2024-52292 GHSA-cw6g-qmjq-6w2w

Affected version: >=3.5.13,<=4.12.6.1|>=5.0.0-alpha.1,<=5.4.7.1

Reported by:
GitHub

[HIGH] Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

PKSA-mtjx-x487-29s9 CVE-2024-52291 GHSA-jrh5-vhr9-qh7q

Affected version: >=4.0.0-RC1,<=4.12.4.1|>=5.0.0-RC1,<=5.4.5.1

Reported by:
GitHub

[MEDIUM] Craft CMS Feed-Me

PKSA-yq9g-7wmy-ph9w CVE-2023-36260 GHSA-6p78-f7h9-6838

Affected version: <4.6.2

Reported by:
GitHub