
19 matches found

CVE
added yesterday, 6 views

CVE-2026-58593

NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...

CVSS 8.7, AI score 6
Exploits 0, References 3

NVD
added 2026/03/04 5:16 p.m., 10 views

CVE-2026-28781

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVSS 7.1, EPSS 0.00326
Exploits 1, References 3

Cvelist
added 2026/03/04 4:31 p.m., 35 views

CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVSS 7.1, EPSS 0.00326
Exploits 1, References 3

Vulnrichment
added 2026/03/04 4:31 p.m., 3 views

CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVSS 7.1, AI score 6, EPSS 0.00326
Exploits 1, References 3

CVE
added 2026/03/04 4:31 p.m., 9 views

CVE-2026-28781

CVE-2026-28781 affects Craft CMS. Before versions 4.17.0-beta.1 and 5.9.0-beta.1, an entry creation flow permits Mass Assignment of the authorId attribute. A user with Create Entries permission can inject the parameters authorIds[] or authorId into a POST request, which the backend may process wi...

CVSS 7.1, AI score 6, EPSS 0.00326
Exploits 1, References 3, Affected Software 1

OSV
added 2026/03/03 9:0 p.m., 6 views

GHSA-2XFC-G69J-X2MP Craft CMS: Entries Authorship Spoofing via Mass Assignment

Description: The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...

CVSS 7.1, AI score 6, EPSS 0.00326
Exploits 1, References 5

Positive Technologies
added 2026/03/03 12:0 a.m., 7 views

PT-2026-22950

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.17.0-beta.1; Craft versions prior to 5.9.0-beta.1. Description: The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorI...

CVSS 7.1, AI score 6, EPSS 0.00326
Exploits 1, References 6

EUVD
added 2026/02/08 12:30 a.m., 5 views

EUVD-2026-5705

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3, AI score 5.4, EPSS 0.00246
Exploits 0, References 4

OSV
added 2026/02/07 10:16 p.m., 5 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 4.3, AI score 5.3
Exploits 0, References 3

NVD
added 2026/02/07 10:16 p.m., 7 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3, EPSS 0.00246
Exploits 0, References 3

ATTACKERKB
added 2026/02/07 9:58 p.m., 4 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3, AI score 5.3, EPSS 0.00246
Exploits 0, References 4

Cvelist
added 2026/02/07 9:58 p.m., 28 views

CVE-2026-25567 WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVSS 5.3, EPSS 0.00246
Exploits 0, References 3

CNNVD
added 2026/02/07 12:0 a.m., 7 views

WeKan Security Vulnerability

WeKan is an open source Kanban application from WeKan. WeKan has a security vulnerability that an attacker can exploit to spoof the author of a recorded comment by providing another user's identifier...

CVSS 5.3, AI score 5.8, EPSS 0.00246
Exploits 0, References 4

RedhatCVE
added 2026/01/09 11:19 a.m., 5 views

CVE-2021-22218

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof the author of signed commits...

CVSS 4, AI score 6.5, EPSS 0.00463
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2013-4226

Malware in sbrugna...

CVSS 3.5, AI score 6, EPSS 0.0263
Exploits 2, References 11

RedHat Linux
added 2015/09/08 1:9 p.m., 2 views

subversion: (mod_dav_svn) spoofing svn:author property values for new revisions

It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...

CVSS 4, AI score 7.3, EPSS 0.07558
Exploits 0, References 5

RedHat Linux
added 2015/08/17 8:10 a.m., 2 views

subversion: (mod_dav_svn) spoofing svn:author property values for new revisions

It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...

CVSS 4, AI score 7.3, EPSS 0.07558
Exploits 0, References 5

OSV
added 2015/04/08 6:59 p.m., 8 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences...

CVSS 4, AI score 8.6, EPSS 0.07558
Exploits 0, References 14

CNVD
added 2015/04/01 12:0 a.m., 1 view

Apache Subversion mod_dav_svn server new revision svn:author attribute value spoofing vulnerability

Subversion is an open source multi-user version control system that supports non-ASCII text and binary data. The Subversion mod_dav_svn server allows arbitrary setting of the svn:author attribute value when submitting new revisions. This allows an attacker to use a carefully constructed sequence of...

CVSS 4, AI score 7, EPSS 0.07558
Exploits 0, References 1