Lucene search
K

15 matches found

CVE
CVE
added 5 days ago22 views

CVE-2026-54005

Kirby CMS has a vulnerability tracked as CVE-2026-54005 where the /api/site/find route does not check the pages.access permission. Prior to versions 4.9.4 and 5.4.4, authenticated users who know or guess page IDs or UUIDs could retrieve full page content and metadata for arbitrary published pages...

7.1CVSS6AI score0.00269EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-54005 Kirby: `pages.access` permission is not checked in the `site/find` REST API route

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published...

7.1CVSS0.00269EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.12 views

Kirby: `pages.access` permission is not checked in the `site/find` REST API route

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, options in the model blueprints, or a combination of both settings. It was possible to...

7.1CVSS5.4AI score0.00269EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.6 views

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

8.8CVSS8.6AI score0.00428EPSS
Exploits1References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-16918

Malware in sbrugna...

6.5CVSS7.8AI score0.01489EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1216

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00724EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/27 3:3 p.m.20 views

CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

8.8CVSS9.3AI score0.00724EPSS
Exploits0References3
NVD
NVD
added 2018/06/11 9:29 p.m.20 views

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

6.5CVSS6AI score0.01489EPSS
Exploits0References5
Prion
Prion
added 2018/06/11 9:29 p.m.13 views

Open redirect

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

4.3CVSS7AI score0.01489EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.25 views

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

7AI score0.01489EPSS
Exploits0References5
CVE
CVE
added 2018/06/11 9:0 p.m.129 views

CVE-2018-5132

CVE-2018-5132 : The Find API for WebExtensions in Firefox can search privileged pages (for example, about:debugging) when those pages are open in a tab, potentially exposing protected data. Affected products/versions: Firefox

6.5CVSS6.9AI score0.01489EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2018/03/14 12:0 a.m.5 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-07087)

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An information disclosure vulnerability exists in the WebExtension Find API of Mozilla Firefox. A remote user can exploit the vulnerability by sending a specially crafted request to view...

6.5CVSS8.4AI score0.01489EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/14 12:0 a.m.25 views

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

6.5CVSS6.9AI score0.01489EPSS
Exploits0References3
OSV
OSV
added 2018/03/14 12:0 a.m.4 views

UBUNTU-CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

6.5CVSS7AI score0.01489EPSS
Exploits0References4
Mozilla
Mozilla
added 2018/03/13 12:0 a.m.539 views

Security vulnerabilities fixed in Firefox 59 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...

9.8CVSS0.3AI score0.08024EPSS
Exploits2References19Affected Software1
Rows per page
Query Builder