15 matches found

RedhatCVE
added 2026/05/13 8:23 p.m. · 7 views

CVE-2026-44010

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVSS 7.1 · AI score 5.8 · EPSS 0.00014
Exploits 0 · References 1
Vulnrichment
added 2026/05/12 8:25 p.m. · 7 views

CVE-2026-44011 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS contains an input-handling flaw in a Yii object creation path that lets any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

CVSS 8.6 · AI score 6.1 · EPSS 0.00022
Exploits 0 · References 2
Snyk
added 2026/05/06 5:54 p.m. · 8 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

CVSS 8.6 · AI score 6.1 · EPSS 0.00022
Exploits 0 · References 2
Snyk
added 2026/05/06 5:49 p.m. · 4 views

Missing Authorization

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the Address GraphQL resolver, which does not enforce schema scope filtering on top-level queries. An attacker can access sensitive address information belonging to...

CVSS 7.1 · AI score 5.8 · EPSS 0.00014
Exploits 0 · References 2
OpenVAS
added 2023/10/11 12:00 a.m. · 27 views

Samba 4.0.0 < 4.17.12, 4.18.0 < 4.18.8, 4.19.0 Multiple Vulnerabilities

Samba is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...

CVSS 7.5 · AI score 8.2 · EPSS 0.00578
Exploits 0 · References 3
OpenVAS
added 2023/10/11 12:00 a.m. · 20 views

Samba File Truncation Vulnerability (CVE-2023-3347)

Samba is prone to a file truncation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...

CVSS 6.5 · AI score 7 · EPSS 0.00447
Exploits 0 · References 2
Tenable Nessus
added 2021/10/04 12:00 a.m. · 127 views

Lodash < 4.17.12 Prototype Pollution

According to its self-reported version number, Lodash is prior to 4.17.12. It is, therefore, affected by a prototype pollution vulnerability in the function defaultsDeep which could be tricked into adding or modifying properties of Object.prototype using a constructor payload. Note that the scann...

CVSS 9.1 · AI score 9.5 · EPSS 0.18518
Exploits 2 · References 2
OSV
added 2019/07/26 12:15 a.m. · 1 view

UBUNTU-CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

CVSS 9.8 · AI score 6.7 · EPSS 0.18518
Exploits 2 · References 5
Cvelist
added 2019/07/25 11:43 p.m. · 30 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

AI score 9.1 · EPSS 0.18518
Exploits 2 · References 6
vulnersOsv
added 2019/07/10 7:45 p.m. · 3 views

@astro-my/design-systems (>=0.3.14 <=0.4.42), @astro-my/design-systems-aw (>=0.4.63 <=0.4.64) +143 more potentially affected by CVE-2019-10744 via lodash-es (>=3.0.0 <=4.17.12)

lodash-es NPM version =3.0.0, =0.3.14, =0.4.63, =0.1.1, =0.1.1, =0.3.2-a, =0.1.0, =0.1.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.5.24 - @astro-my/design-systems-xuan-ts =0.1.1 and more Source cves: CVE-2019-10744 Source advisory: OSV:GHSA-JF85-CPCP-J695...

CVSS 9.1 · AI score 7 · EPSS 0.18518
Exploits 2
Github Security Blog
added 2019/07/10 7:45 p.m. · 197 views

Prototype Pollution in lodash

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

CVSS 9.1 · AI score 8.7 · EPSS 0.18518
Exploits 2 · References 11 · Affected Software 5
OSV
added 2019/07/10 7:45 p.m. · 3 views

GHSA-JF85-CPCP-J695 Prototype Pollution in lodash

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

CVSS 9.1 · AI score 6.8 · EPSS 0.18518
Exploits 2 · References 10
RubySec
added 2019/07/10 12:00 a.m. · 5 views

Prototype Pollution in lodash

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

CVSS 9.1 · AI score 7 · EPSS 0.18518
Exploits 2 · References 1 · Affected Software 1
Fedora
added 2018/08/09 4:53 p.m. · 39 views

[SECURITY] Fedora 27 Update: kernel-tools-4.17.12-100.fc27

This package contains the tools/ directory from the kernel source and the supporting documentation...

CVSS 7.8 · AI score 1.9 · EPSS 0.00029
Exploits 0
Positive Technologies
added 2018/07/24 12:00 a.m. · 3 views

PT-2018-2684 · Xen +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.12; Xen versions prior to 4.11.x. Description: An issue in the Linux kernel and Xen hypervisor allows local users to cause a denial of service or possibly gain privileges. The xen failsafe callback entry poin...

CVSS 8.4 · AI score 7.6 · EPSS 0.08509
Exploits 28 · References 240