6 matches found
CVE-2026-44201
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
Wagtail CMS 6.4.1 Cross Site Scripting
Wagtail CMS version 6.4.1 is vulnerable to a persistent cross-site scripting vulnerability in the document upload functionality. An attacker can embed a malicious payload inside a PDF file. When the uploaded document is accessed via the CMS interface, the payload may execute in the context of the...
PT-2025-40417
Name of the Vulnerable Software and Affected Versions: LangBot versions 4.1.0 through 4.3.4. Description: LangBot is a global IM bot platform designed for LLMs. Authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. The interface does not strictly...
CVE-2023-49923
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...
Elastic Enterprise Search Log Information Disclosure Vulnerability
Elastic Enterprise Search is an enterprise search tool from Dutch company Elastic. A security vulnerability exists in Elastic Enterprise Search versions 7.0.0 through 7.17.16 and 8.0.0 through 8.11.2, which stems from App Search's Documents API recording the original content of indexed documents ...