Lucene search
K

5 matches found

EUVD
EUVD
added 2026/07/02 4:15 p.m.7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 4:2 p.m.7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.19 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 11:43 p.m.5 views

CVE-2026-50280 Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS5.9AI score0.00273EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/29 11:58 p.m.5 views

WordPress Essential Addons for Elementor plugin <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Feed vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.21...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder