15 matches found
CVE-2026-54005
Kirby CMS has a vulnerability tracked as CVE-2026-54005 where the /api/site/find route does not check the pages.access permission. Prior to versions 4.9.4 and 5.4.4, authenticated users who know or guess page IDs or UUIDs could retrieve full page content and metadata for arbitrary published pages...
CVE-2026-54005 Kirby: `pages.access` permission is not checked in the `site/find` REST API route
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published...
Kirby: `pages.access` permission is not checked in the `site/find` REST API route
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, options in the model blueprints, or a combination of both settings. It was possible to...
PT-2026-2947
Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...
EUVD-2018-16918
Malware in sbrugna...
EUVD-2023-1216
Malicious code in bioql PyPI...
CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...
CVE-2018-5132
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
Open redirect
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
CVE-2018-5132
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
CVE-2018-5132
CVE-2018-5132 : The Find API for WebExtensions in Firefox can search privileged pages (for example, about:debugging) when those pages are open in a tab, potentially exposing protected data. Affected products/versions: Firefox
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-07087)
Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An information disclosure vulnerability exists in the WebExtension Find API of Mozilla Firefox. A remote user can exploit the vulnerability by sending a specially crafted request to view...
CVE-2018-5132
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
UBUNTU-CVE-2018-5132
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
Security vulnerabilities fixed in Firefox 59 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...