4148 matches found
PYSEC-2026-150
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
CVE-2026-44201
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
CVE-2026-44201
CVE-2026-44201 (Wagtail) : The Documents and Images API improperly listed items in private collections, allowing a user with API access to see filenames and names of documents/images in private collections. Root cause: insufficient access restrictions in the API prior to versions 7.0.7, 7.3.2, an...
CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
Outline 安全漏洞
Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...
CPython 安全特征问题漏洞
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security feature vulnerability, which stems from insufficient entropy in Expat hash flood protection mechanisms. This vulnerability may allow specially crafted XML documents to trigger a hash flood...
Improper Handling of Insufficient Permissions or Privileges
Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items...
Wagtail has improper restriction handling on Documents and Images API
Impact The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature releas...
PT-2026-39236
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Description The Documents and Images API incorrectly lists items in private collections, allowing a user with API access to view the filename and name of documents and images stor...
CVE-2026-4430
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
CVE-2026-41656
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...
CVE-2026-41656
CVE-2026-41656 (Admidio) : Prior to 5.0.9, the add mode of modules/documents-files.php accepts a name parameter with only string-based HTML encoding validation, allowing path traversal (../) and, combined with absent CSRF protection and SameSite=Lax cookies, enables a low-privilege attacker to tr...
EUVD-2026-28265
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...
CVE-2026-41656
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...
GHSA-3CV5-Q585-H563 Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
Summary Six conversion routes pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...
PT-2026-38384
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Six API endpoints '/pdfengines/merge', '/pdfengines/split', '/libreoffice/convert', '/chromium/convert/url', '/chromium/convert/html', and '/chromium/convert/markdown' allow anonymous callers to...
Admidio 路径遍历漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...
Debian dsa-6251 : fonts-opensymbol - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6251 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6251-1 [email protected] https://www.debian.org/security/...