CVE-2022-37721: The PHP CMS built for Laravel.

PyroCMS 3.9 is vulnerable to stored Cross-Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.

Laravel Built on the world's most popular PHP framework.

Pyro feels like a natural extension of Laravel. We do not try and hide it but embrace it everywhere.

Open Source MIT License

Our core product and features have been and always will be 100% free and open source.

Easy to Use Simple, Clean, and Consistent Control Panel

The control panel is built on standardized patterns and principles just like the API. This means it is faster and easier for your team to create components and easier for clients to use the product.

Mobile Responsive Control Panel

Pyro makes it easy to manage your content wherever you are. Full access to the entire control panel you know and love on a desktop now at your fingertips.

Localization Localization is built-in.

  • Easily translate content into multiple languages.
  • Safely override core translations without hacking.
  • Automatically route translated content.

Rapid Development Quickly scaffold components with Artisan.

Our CLI tools let you build addons and data structures literally in seconds. Just tweak as needed and ship it.

Lightning fast time to market means you can say yes more often to those customer needs that just can’t be found on the shelf.

Communicate Join our Discord server!

Get help from other skilled developers who know and love Pyro.


Related news

CVE-2022-46496: CVE-2022-46496 - Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.

GHSA-cm7f-hf2g-ghrp: PyroCMS vulnerable to stored Cross Site Scripting

PyroCMS 3.9 is vulnerable to stored Cross-Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
