6 matches found
GHSA-JXM3-PMM2-9GF6 Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action
Description: The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is restricted in the UI, a user can bypass this restriction by sending a direc...
EUVD-2016-2510
Malware in sbrugna...
CVE-2025-27602
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...
PT-2024-40086 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns the reports CMS section, where it only checks the canView function when listing reports that can be viewed by the current user. However, it does not perform this chec...
Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...
S21SEC-019 - Vignette /vgn/style internal information leak
ID: S21SEC-019-en Title: Vignette /vgn/style internal information leak Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Revelation of internal variables Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-019-en.txt Release: External S 2 1 S E C...