Lucene search
K

4148 matches found

OSV
OSV
added 2026/05/11 4:17 p.m.7 views

PYSEC-2026-150

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.13 views

CVE-2026-44201

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

5.3CVSS0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 2:42 p.m.8 views

CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:42 p.m.24 views

CVE-2026-44201

CVE-2026-44201 (Wagtail) : The Documents and Images API improperly listed items in private collections, allowing a user with API access to see filenames and names of documents/images in private collections. Root cause: insufficient access restrictions in the API prior to versions 7.0.7, 7.3.2, an...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/11 2:42 p.m.61 views

CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

5.3CVSS0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

CPython 安全特征问题漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security feature vulnerability, which stems from insufficient entropy in Expat hash flood protection mechanisms. This vulnerability may allow specially crafted XML documents to trigger a hash flood...

9.8CVSS5.8AI score0.0079EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 8:21 p.m.13 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 8:21 p.m.22 views

Wagtail has improper restriction handling on Documents and Images API

Impact The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature releas...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-39236

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Description The Documents and Images API incorrectly lists items in private collections, allowing a user with API access to view the filename and name of documents and images stor...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:16 a.m.8 views

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/07 4:16 a.m.15 views

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS0.00362EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 2:58 a.m.8 views

CVE-2026-41656

CVE-2026-41656 (Admidio) : Prior to 5.0.9, the add mode of modules/documents-files.php accepts a name parameter with only string-based HTML encoding validation, allowing path traversal (../) and, combined with absent CSRF protection and SameSite=Lax cookies, enables a low-privilege attacker to tr...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 2:58 a.m.11 views

EUVD-2026-28265

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 2:58 a.m.6 views

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 12:59 a.m.5 views

GHSA-3CV5-Q585-H563 Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary Six conversion routes pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:57 a.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...

8.8CVSS6AI score0.00245EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38384

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Six API endpoints '/pdfengines/merge', '/pdfengines/split', '/libreoffice/convert', '/chromium/convert/url', '/chromium/convert/html', and '/chromium/convert/markdown' allow anonymous callers to...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

Debian dsa-6251 : fonts-opensymbol - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6251 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6251-1 [email protected] https://www.debian.org/security/...

7.8CVSS6AI score0.00078EPSS
Exploits0References5
Rows per page
Query Builder