CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22254

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage_assets. The Winter CMS maintainers strongly recommend that the cms.manage_assets permission only be reserved to trusted administrators and developers in general. This vulnerability is fixed in 1.2.10.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.9%

CVSS Severity

References

Products affected by CVE-2026-22254

Wintercms » Winter » Version: 1.0.319

cpe:2.3:a:wintercms:winter:1.0.319
Wintercms » Winter » Version: 1.0.320

cpe:2.3:a:wintercms:winter:1.0.320
Wintercms » Winter » Version: 1.0.321

cpe:2.3:a:wintercms:winter:1.0.321
Wintercms » Winter » Version: 1.0.322

cpe:2.3:a:wintercms:winter:1.0.322
Wintercms » Winter » Version: 1.0.323

cpe:2.3:a:wintercms:winter:1.0.323
Wintercms » Winter » Version: 1.0.324

cpe:2.3:a:wintercms:winter:1.0.324
Wintercms » Winter » Version: 1.0.325

cpe:2.3:a:wintercms:winter:1.0.325
Wintercms » Winter » Version: 1.0.326

cpe:2.3:a:wintercms:winter:1.0.326
Wintercms » Winter » Version: 1.0.327

cpe:2.3:a:wintercms:winter:1.0.327
Wintercms » Winter » Version: 1.0.328

cpe:2.3:a:wintercms:winter:1.0.328
Wintercms » Winter » Version: 1.0.329

cpe:2.3:a:wintercms:winter:1.0.329
Wintercms » Winter » Version: 1.0.330

cpe:2.3:a:wintercms:winter:1.0.330
Wintercms » Winter » Version: 1.0.331

cpe:2.3:a:wintercms:winter:1.0.331
Wintercms » Winter » Version: 1.0.332

cpe:2.3:a:wintercms:winter:1.0.332
Wintercms » Winter » Version: 1.0.333

cpe:2.3:a:wintercms:winter:1.0.333
Wintercms » Winter » Version: 1.0.334

cpe:2.3:a:wintercms:winter:1.0.334
Wintercms » Winter » Version: 1.0.335

cpe:2.3:a:wintercms:winter:1.0.335
Wintercms » Winter » Version: 1.0.336

cpe:2.3:a:wintercms:winter:1.0.336
Wintercms » Winter » Version: 1.0.337

cpe:2.3:a:wintercms:winter:1.0.337
Wintercms » Winter » Version: 1.0.338

cpe:2.3:a:wintercms:winter:1.0.338
Wintercms » Winter » Version: 1.0.339

cpe:2.3:a:wintercms:winter:1.0.339
Wintercms » Winter » Version: 1.0.340

cpe:2.3:a:wintercms:winter:1.0.340
Wintercms » Winter » Version: 1.0.341

cpe:2.3:a:wintercms:winter:1.0.341
Wintercms » Winter » Version: 1.0.342

cpe:2.3:a:wintercms:winter:1.0.342
Wintercms » Winter » Version: 1.0.343

cpe:2.3:a:wintercms:winter:1.0.343
Wintercms » Winter » Version: 1.0.344

cpe:2.3:a:wintercms:winter:1.0.344
Wintercms » Winter » Version: 1.0.345

cpe:2.3:a:wintercms:winter:1.0.345
Wintercms » Winter » Version: 1.0.346

cpe:2.3:a:wintercms:winter:1.0.346
Wintercms » Winter » Version: 1.0.347

cpe:2.3:a:wintercms:winter:1.0.347
Wintercms » Winter » Version: 1.0.348

cpe:2.3:a:wintercms:winter:1.0.348
Wintercms » Winter » Version: 1.0.349

cpe:2.3:a:wintercms:winter:1.0.349
Wintercms » Winter » Version: 1.0.350

cpe:2.3:a:wintercms:winter:1.0.350
Wintercms » Winter » Version: 1.0.351

cpe:2.3:a:wintercms:winter:1.0.351
Wintercms » Winter » Version: 1.0.352

cpe:2.3:a:wintercms:winter:1.0.352
Wintercms » Winter » Version: 1.0.353

cpe:2.3:a:wintercms:winter:1.0.353
Wintercms » Winter » Version: 1.0.354

cpe:2.3:a:wintercms:winter:1.0.354
Wintercms » Winter » Version: 1.0.355

cpe:2.3:a:wintercms:winter:1.0.355
Wintercms » Winter » Version: 1.0.356

cpe:2.3:a:wintercms:winter:1.0.356
Wintercms » Winter » Version: 1.0.357

cpe:2.3:a:wintercms:winter:1.0.357
Wintercms » Winter » Version: 1.0.358

cpe:2.3:a:wintercms:winter:1.0.358
Wintercms » Winter » Version: 1.0.359

cpe:2.3:a:wintercms:winter:1.0.359
Wintercms » Winter » Version: 1.0.360

cpe:2.3:a:wintercms:winter:1.0.360
Wintercms » Winter » Version: 1.0.361

cpe:2.3:a:wintercms:winter:1.0.361
Wintercms » Winter » Version: 1.0.362

cpe:2.3:a:wintercms:winter:1.0.362
Wintercms » Winter » Version: 1.0.363

cpe:2.3:a:wintercms:winter:1.0.363
Wintercms » Winter » Version: 1.0.364

cpe:2.3:a:wintercms:winter:1.0.364
Wintercms » Winter » Version: 1.0.365

cpe:2.3:a:wintercms:winter:1.0.365
Wintercms » Winter » Version: 1.0.366

cpe:2.3:a:wintercms:winter:1.0.366
Wintercms » Winter » Version: 1.0.367

cpe:2.3:a:wintercms:winter:1.0.367
Wintercms » Winter » Version: 1.0.368

cpe:2.3:a:wintercms:winter:1.0.368
Wintercms » Winter » Version: 1.0.369

cpe:2.3:a:wintercms:winter:1.0.369
Wintercms » Winter » Version: 1.0.370

cpe:2.3:a:wintercms:winter:1.0.370
Wintercms » Winter » Version: 1.0.371

cpe:2.3:a:wintercms:winter:1.0.371
Wintercms » Winter » Version: 1.0.372

cpe:2.3:a:wintercms:winter:1.0.372
Wintercms » Winter » Version: 1.0.373

cpe:2.3:a:wintercms:winter:1.0.373
Wintercms » Winter » Version: 1.0.374

cpe:2.3:a:wintercms:winter:1.0.374
Wintercms » Winter » Version: 1.0.375

cpe:2.3:a:wintercms:winter:1.0.375
Wintercms » Winter » Version: 1.0.376

cpe:2.3:a:wintercms:winter:1.0.376
Wintercms » Winter » Version: 1.0.377

cpe:2.3:a:wintercms:winter:1.0.377
Wintercms » Winter » Version: 1.0.378

cpe:2.3:a:wintercms:winter:1.0.378
Wintercms » Winter » Version: 1.0.379

cpe:2.3:a:wintercms:winter:1.0.379
Wintercms » Winter » Version: 1.0.380

cpe:2.3:a:wintercms:winter:1.0.380
Wintercms » Winter » Version: 1.0.381

cpe:2.3:a:wintercms:winter:1.0.381
Wintercms » Winter » Version: 1.0.382

cpe:2.3:a:wintercms:winter:1.0.382
Wintercms » Winter » Version: 1.0.383

cpe:2.3:a:wintercms:winter:1.0.383
Wintercms » Winter » Version: 1.0.384

cpe:2.3:a:wintercms:winter:1.0.384
Wintercms » Winter » Version: 1.0.385

cpe:2.3:a:wintercms:winter:1.0.385
Wintercms » Winter » Version: 1.0.386

cpe:2.3:a:wintercms:winter:1.0.386
Wintercms » Winter » Version: 1.0.387

cpe:2.3:a:wintercms:winter:1.0.387
Wintercms » Winter » Version: 1.0.388

cpe:2.3:a:wintercms:winter:1.0.388
Wintercms » Winter » Version: 1.0.389

cpe:2.3:a:wintercms:winter:1.0.389
Wintercms » Winter » Version: 1.0.390

cpe:2.3:a:wintercms:winter:1.0.390
Wintercms » Winter » Version: 1.0.391

cpe:2.3:a:wintercms:winter:1.0.391
Wintercms » Winter » Version: 1.0.392

cpe:2.3:a:wintercms:winter:1.0.392
Wintercms » Winter » Version: 1.0.393

cpe:2.3:a:wintercms:winter:1.0.393
Wintercms » Winter » Version: 1.0.394

cpe:2.3:a:wintercms:winter:1.0.394
Wintercms » Winter » Version: 1.0.395

cpe:2.3:a:wintercms:winter:1.0.395
Wintercms » Winter » Version: 1.0.396

cpe:2.3:a:wintercms:winter:1.0.396
Wintercms » Winter » Version: 1.0.397

cpe:2.3:a:wintercms:winter:1.0.397
Wintercms » Winter » Version: 1.0.398

cpe:2.3:a:wintercms:winter:1.0.398
Wintercms » Winter » Version: 1.0.399

cpe:2.3:a:wintercms:winter:1.0.399
Wintercms » Winter » Version: 1.0.400

cpe:2.3:a:wintercms:winter:1.0.400
Wintercms » Winter » Version: 1.0.401

cpe:2.3:a:wintercms:winter:1.0.401
Wintercms » Winter » Version: 1.0.402

cpe:2.3:a:wintercms:winter:1.0.402
Wintercms » Winter » Version: 1.0.403

cpe:2.3:a:wintercms:winter:1.0.403
Wintercms » Winter » Version: 1.0.404

cpe:2.3:a:wintercms:winter:1.0.404
Wintercms » Winter » Version: 1.0.405

cpe:2.3:a:wintercms:winter:1.0.405
Wintercms » Winter » Version: 1.0.406

cpe:2.3:a:wintercms:winter:1.0.406
Wintercms » Winter » Version: 1.0.407

cpe:2.3:a:wintercms:winter:1.0.407
Wintercms » Winter » Version: 1.0.408

cpe:2.3:a:wintercms:winter:1.0.408
Wintercms » Winter » Version: 1.0.409

cpe:2.3:a:wintercms:winter:1.0.409
Wintercms » Winter » Version: 1.0.410

cpe:2.3:a:wintercms:winter:1.0.410
Wintercms » Winter » Version: 1.0.411

cpe:2.3:a:wintercms:winter:1.0.411
Wintercms » Winter » Version: 1.0.412

cpe:2.3:a:wintercms:winter:1.0.412
Wintercms » Winter » Version: 1.0.413

cpe:2.3:a:wintercms:winter:1.0.413
Wintercms » Winter » Version: 1.0.414

cpe:2.3:a:wintercms:winter:1.0.414
Wintercms » Winter » Version: 1.0.415

cpe:2.3:a:wintercms:winter:1.0.415
Wintercms » Winter » Version: 1.0.416

cpe:2.3:a:wintercms:winter:1.0.416
Wintercms » Winter » Version: 1.0.417

cpe:2.3:a:wintercms:winter:1.0.417
Wintercms » Winter » Version: 1.0.418

cpe:2.3:a:wintercms:winter:1.0.418
Wintercms » Winter » Version: 1.0.419

cpe:2.3:a:wintercms:winter:1.0.419
Wintercms » Winter » Version: 1.0.420

cpe:2.3:a:wintercms:winter:1.0.420
Wintercms » Winter » Version: 1.0.421

cpe:2.3:a:wintercms:winter:1.0.421
Wintercms » Winter » Version: 1.0.422

cpe:2.3:a:wintercms:winter:1.0.422
Wintercms » Winter » Version: 1.0.423

cpe:2.3:a:wintercms:winter:1.0.423
Wintercms » Winter » Version: 1.0.424

cpe:2.3:a:wintercms:winter:1.0.424
Wintercms » Winter » Version: 1.0.425

cpe:2.3:a:wintercms:winter:1.0.425
Wintercms » Winter » Version: 1.0.426

cpe:2.3:a:wintercms:winter:1.0.426
Wintercms » Winter » Version: 1.0.427

cpe:2.3:a:wintercms:winter:1.0.427
Wintercms » Winter » Version: 1.0.428

cpe:2.3:a:wintercms:winter:1.0.428
Wintercms » Winter » Version: 1.0.429

cpe:2.3:a:wintercms:winter:1.0.429
Wintercms » Winter » Version: 1.0.430

cpe:2.3:a:wintercms:winter:1.0.430
Wintercms » Winter » Version: 1.0.431

cpe:2.3:a:wintercms:winter:1.0.431
Wintercms » Winter » Version: 1.0.432

cpe:2.3:a:wintercms:winter:1.0.432
Wintercms » Winter » Version: 1.0.433

cpe:2.3:a:wintercms:winter:1.0.433
Wintercms » Winter » Version: 1.0.434

cpe:2.3:a:wintercms:winter:1.0.434
Wintercms » Winter » Version: 1.0.435

cpe:2.3:a:wintercms:winter:1.0.435
Wintercms » Winter » Version: 1.0.436

cpe:2.3:a:wintercms:winter:1.0.436
Wintercms » Winter » Version: 1.0.437

cpe:2.3:a:wintercms:winter:1.0.437
Wintercms » Winter » Version: 1.0.438

cpe:2.3:a:wintercms:winter:1.0.438
Wintercms » Winter » Version: 1.0.439

cpe:2.3:a:wintercms:winter:1.0.439
Wintercms » Winter » Version: 1.0.440

cpe:2.3:a:wintercms:winter:1.0.440
Wintercms » Winter » Version: 1.0.441

cpe:2.3:a:wintercms:winter:1.0.441
Wintercms » Winter » Version: 1.0.442

cpe:2.3:a:wintercms:winter:1.0.442
Wintercms » Winter » Version: 1.0.443

cpe:2.3:a:wintercms:winter:1.0.443
Wintercms » Winter » Version: 1.0.444

cpe:2.3:a:wintercms:winter:1.0.444
Wintercms » Winter » Version: 1.0.445

cpe:2.3:a:wintercms:winter:1.0.445
Wintercms » Winter » Version: 1.0.446

cpe:2.3:a:wintercms:winter:1.0.446
Wintercms » Winter » Version: 1.0.447

cpe:2.3:a:wintercms:winter:1.0.447
Wintercms » Winter » Version: 1.0.448

cpe:2.3:a:wintercms:winter:1.0.448
Wintercms » Winter » Version: 1.0.449

cpe:2.3:a:wintercms:winter:1.0.449
Wintercms » Winter » Version: 1.0.450

cpe:2.3:a:wintercms:winter:1.0.450
Wintercms » Winter » Version: 1.0.451

cpe:2.3:a:wintercms:winter:1.0.451
Wintercms » Winter » Version: 1.0.452

cpe:2.3:a:wintercms:winter:1.0.452
Wintercms » Winter » Version: 1.0.453

cpe:2.3:a:wintercms:winter:1.0.453
Wintercms » Winter » Version: 1.0.454

cpe:2.3:a:wintercms:winter:1.0.454
Wintercms » Winter » Version: 1.0.455

cpe:2.3:a:wintercms:winter:1.0.455
Wintercms » Winter » Version: 1.0.456

cpe:2.3:a:wintercms:winter:1.0.456
Wintercms » Winter » Version: 1.0.457

cpe:2.3:a:wintercms:winter:1.0.457
Wintercms » Winter » Version: 1.0.458

cpe:2.3:a:wintercms:winter:1.0.458
Wintercms » Winter » Version: 1.0.459

cpe:2.3:a:wintercms:winter:1.0.459
Wintercms » Winter » Version: 1.0.460

cpe:2.3:a:wintercms:winter:1.0.460
Wintercms » Winter » Version: 1.0.461

cpe:2.3:a:wintercms:winter:1.0.461
Wintercms » Winter » Version: 1.0.462

cpe:2.3:a:wintercms:winter:1.0.462
Wintercms » Winter » Version: 1.0.463

cpe:2.3:a:wintercms:winter:1.0.463
Wintercms » Winter » Version: 1.0.464

cpe:2.3:a:wintercms:winter:1.0.464
Wintercms » Winter » Version: 1.0.465

cpe:2.3:a:wintercms:winter:1.0.465
Wintercms » Winter » Version: 1.0.466

cpe:2.3:a:wintercms:winter:1.0.466
Wintercms » Winter » Version: 1.0.467

cpe:2.3:a:wintercms:winter:1.0.467
Wintercms » Winter » Version: 1.0.468

cpe:2.3:a:wintercms:winter:1.0.468
Wintercms » Winter » Version: 1.0.469

cpe:2.3:a:wintercms:winter:1.0.469
Wintercms » Winter » Version: 1.0.470

cpe:2.3:a:wintercms:winter:1.0.470
Wintercms » Winter » Version: 1.0.471

cpe:2.3:a:wintercms:winter:1.0.471
Wintercms » Winter » Version: 1.0.472

cpe:2.3:a:wintercms:winter:1.0.472
Wintercms » Winter » Version: 1.0.473

cpe:2.3:a:wintercms:winter:1.0.473
Wintercms » Winter » Version: 1.0.474

cpe:2.3:a:wintercms:winter:1.0.474
Wintercms » Winter » Version: 1.0.475

cpe:2.3:a:wintercms:winter:1.0.475
Wintercms » Winter » Version: 1.0.476

cpe:2.3:a:wintercms:winter:1.0.476
Wintercms » Winter » Version: 1.1.0

cpe:2.3:a:wintercms:winter:1.1.0
Wintercms » Winter » Version: 1.1.1

cpe:2.3:a:wintercms:winter:1.1.1
Wintercms » Winter » Version: 1.1.10

cpe:2.3:a:wintercms:winter:1.1.10
Wintercms » Winter » Version: 1.1.11

cpe:2.3:a:wintercms:winter:1.1.11
Wintercms » Winter » Version: 1.1.2

cpe:2.3:a:wintercms:winter:1.1.2
Wintercms » Winter » Version: 1.1.3

cpe:2.3:a:wintercms:winter:1.1.3
Wintercms » Winter » Version: 1.1.4

cpe:2.3:a:wintercms:winter:1.1.4
Wintercms » Winter » Version: 1.1.5

cpe:2.3:a:wintercms:winter:1.1.5
Wintercms » Winter » Version: 1.1.6

cpe:2.3:a:wintercms:winter:1.1.6
Wintercms » Winter » Version: 1.1.7

cpe:2.3:a:wintercms:winter:1.1.7
Wintercms » Winter » Version: 1.1.8

cpe:2.3:a:wintercms:winter:1.1.8
Wintercms » Winter » Version: 1.1.9

cpe:2.3:a:wintercms:winter:1.1.9
Wintercms » Winter » Version: 1.2.0

cpe:2.3:a:wintercms:winter:1.2.0
Wintercms » Winter » Version: 1.2.1

cpe:2.3:a:wintercms:winter:1.2.1
Wintercms » Winter » Version: 1.2.2

cpe:2.3:a:wintercms:winter:1.2.2
Wintercms » Winter » Version: 1.2.3

cpe:2.3:a:wintercms:winter:1.2.3
Wintercms » Winter » Version: 1.2.4

cpe:2.3:a:wintercms:winter:1.2.4
Wintercms » Winter » Version: 1.2.5

cpe:2.3:a:wintercms:winter:1.2.5
Wintercms » Winter » Version: 1.2.6

cpe:2.3:a:wintercms:winter:1.2.6
Wintercms » Winter » Version: 1.2.7

cpe:2.3:a:wintercms:winter:1.2.7
Wintercms » Winter » Version: 1.2.8

cpe:2.3:a:wintercms:winter:1.2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22254

Products

Pricing

Contact Us