Wintercms Winter
8 CVEs affecting Wintercms Winter. Latest disclosed: 2026-03-11. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27591 | Critical | 10.0 | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed auth… |
CVE-2024-54149 | High | 8.5 | 2024-12-09 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow… |
CVE-2022-39357 | High | 8.1 | 2022-10-26 | Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vuln… |
CVE-2023-52085 | Low | 3.3 | 2023-12-29 | Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that woul… |
CVE-2023-52084 | Low | 2.0 | 2023-12-28 | Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a… |
CVE-2023-52083 | Low | 2.0 | 2023-12-28 | Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager… |
CVE-2023-37269 | Low | 2.0 | 2023-07-07 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can uploa… |
CVE-2026-22254 | Unrated | | 2026-02-06 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access… |