Every CVE whose affected-product data names Torchbox Wagtail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-54263 — CVSS 7.3 (high): Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site…
CVE-2026-44197 — CVSS 6.5 (medium): Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit…
CVE-2024-39317 — CVSS 6.5 (medium): Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a…
CVE-2026-44199 — CVSS 6.5 (medium): Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form…
CVE-2026-54261 — CVSS 6.5 (medium): Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing…
CVE-2026-44200 — CVSS 6.5 (medium): Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to…
CVE-2023-28836 — CVSS 6.4 (medium): Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a…
CVE-2026-28222 — CVSS 6.1 (medium): Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site…
CVE-2020-11037 — CVSS 6.1 (medium): In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared…
CVE-2021-29434 — CVSS 6.1 (medium): Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin…
CVE-2026-28223 — CVSS 6.1 (medium): Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site…
CVE-2020-11001 — CVSS 5.8 (medium): In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within…
CVE-2020-15118 — CVSS 5.7 (medium): In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms`…
CVE-2021-32681 — CVSS 5.4 (medium): Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1…
CVE-2026-44201 — CVSS 5.3 (medium): Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API…
CVE-2023-28837 — CVSS 4.9 (medium): Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in…
CVE-2026-44198 — CVSS 4.3 (medium): Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit…
CVE-2026-54259 — CVSS 4.3 (medium): Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images…
CVE-2026-54260 — CVSS 4.3 (medium): Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin…
CVE-2026-54262 — CVSS 4.3 (medium): Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the…
CVE-2022-21683 — CVSS 3.5 (low): Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in…
CVE-2023-45809 — CVSS 2.7 (low): Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin…
CVE-2026-25517 — CVSS 2.7 (low): Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a…