Every CVE whose affected-product data names Getkirby Kirby, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2025-31493 — CVSS 9.1 (critical): Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby…
CVE-2025-30159 — CVSS 9.1 (critical): Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby…
CVE-2024-26483 — CVSS 8.8 (high): An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a…
CVE-2026-41325 — CVSS 8.8 (high): Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions…
CVE-2024-41964 — CVSS 8.1 (high): Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can…
CVE-2026-34587 — CVSS 8.1 (high): Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is…
CVE-2021-29460 — CVSS 7.6 (high): Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like…
CVE-2025-30207 — CVSS 7.5 (high): Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby…
CVE-2026-32870 — CVSS 7.5 (high): Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the…
CVE-2021-41252 — CVSS 7.3 (high): Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other…
CVE-2021-41258 — CVSS 7.3 (high): Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is…
CVE-2023-38489 — CVSS 7.3 (high): Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby…
CVE-2023-38488 — CVSS 7.1 (high): Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby…
CVE-2021-32735 — CVSS 7.1 (high): Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files…
CVE-2024-26482 — CVSS 7.1 (high): An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of…
CVE-2020-26255 — CVSS 6.8 (medium): Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the…
CVE-2023-38490 — CVSS 6.8 (medium): Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby…
CVE-2020-26253 — CVSS 6.8 (medium): Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which…
CVE-2026-29905 — CVSS 6.5 (medium): Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a…
CVE-2026-40099 — CVSS 6.5 (medium): Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions…
CVE-2026-42069 — CVSS 6.5 (medium): Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not…
CVE-2026-42137 — CVSS 6.5 (medium): Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list`…
CVE-2022-39315 — CVSS 6.5 (medium): Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all…
CVE-2024-26484 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute…
CVE-2022-36037 — CVSS 5.9 (medium): kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site…
CVE-2026-21896 — CVSS 5.7 (medium): Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes…
CVE-2023-38491 — CVSS 5.7 (medium): Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby…
CVE-2018-14520 — CVSS 5.4 (medium): An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web…
CVE-2025-65012 — CVSS 5.4 (medium): Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name…
CVE-2023-38492 — CVSS 5.3 (medium): Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby…
CVE-2018-16623 — CVSS 4.8 (medium): Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
CVE-2024-26481 — CVSS 4.7 (medium): Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.
CVE-2024-27087 — CVSS 4.6 (medium): Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the…
CVE-2026-42051 — CVSS 4.3 (medium): Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and…
CVE-2018-14519 — CVSS 4.3 (medium): An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious…
CVE-2026-42174 — CVSS 4.3 (medium): Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are…
CVE-2022-39314 — CVSS 3.7 (low): Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper…