517 matches found
EUVD-2024-1135
Malicious code in bioql PyPI...
EUVD-2022-4230
Malicious code in bioql PyPI...
EUVD-2022-4927
Malicious code in bioql PyPI...
EUVD-2024-2699
Malicious code in bioql PyPI...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...
Improper Access Control
contao/contao is vulnerable to improper access control. The vulnerability is due to the table access voter in the back end not checking if a user is allowed to access the corresponding module, which allows an attacker to gain unauthorized access to restricted modules...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to news feeds not filtering protected news archives, which allows an attacker to access and view restricted news items through the public RSS feed...
CVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
CVE-2025-57758
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-57757
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
CVE-2025-57756
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
CVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
CVE-2025-57758
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-57757
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
Incorrect Authorization
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization due to table access voter improper verification of a user permissions to...
Incorrect Authorization
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization in the page and article edit fields. An attacker can modify content without...
Incorrect Authorization
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization in the fragments rendering process. An attacker can access sensitive...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper filtering protected news archives. An attacker can access sensitive information by retrieving protected news items that are unintentionally included in the public RSS feed. Workaround This...
CVE-2025-57759 Contao has improper privilege management for page and article fields
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
CVE-2025-57759 Contao has improper privilege management for page and article fields
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...