Lucene search
K

4 matches found

EUVD
EUVD
added 2026/07/02 4:15 p.m.7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 4:2 p.m.7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.18 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/05/29 11:58 p.m.5 views

WordPress Essential Addons for Elementor plugin <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Feed vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.21...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder