19 matches found
CVE-2026-58593
NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...
CVE-2026-28781
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781
CVE-2026-28781 affects Craft CMS. Before versions 4.17.0-beta.1 and 5.9.0-beta.1, an entry creation flow permits Mass Assignment of the authorId attribute. A user with Create Entries permission can inject the parameters authorIds[] or authorId into a POST request, which the backend may process wi...
GHSA-2XFC-G69J-X2MP Craft CMS: Entries Authorship Spoofing via Mass Assignment
Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...
PT-2026-22950
Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 Craft versions prior to 5.9.0-beta.1 Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorI...
EUVD-2026-5705
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
CVE-2026-25567 WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
WeKan 安全漏洞
WeKan is a Kanban application from WeKan open source. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...
CVE-2021-22218
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...
EUVD-2013-4226
Malware in sbrugna...
subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
It was found that the moddavsvn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...
subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
It was found that the moddavsvn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...
CVE-2015-0251
The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...
Apache Subversion mod_dav_svn server new revision svn:author attribute value spoofing vulnerability
Subversion is an open source multi-user version control system that supports non-ASCII text and binary data. The Subversion moddavsvn server allows arbitrary setting of the svn:author attribute value when submitting new revisions. This allows an attacker to use a carefully constructed sequence of...