Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added last week11 views

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References4Affected Software1
CloudLinux
CloudLinux
added 2026/05/30 10:24 a.m.11 views

polkit: Fix of CVE-2018-1116

CVE-2018-1116: polkit trusts client-supplied UID in CheckAuthorization, allowing a local attacker to spoof or DoS the authentication-agent dialog of unrelated processes...

4.7CVSS5.5AI score0.01196EPSS
Exploits0
Snyk
Snyk
added 2026/04/30 6:20 p.m.3 views

Incorrect Authorization

Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/30 6:20 p.m.7 views

Incorrect Authorization

Overview @clerk/clerk-js is a Clerk JS library Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call th...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Rows per page
Query Builder