Lucene search
K

27 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43449

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites and has a high real-world impact. ---- Introduction Arbitrary method call is a type of arbitrary code execution...

8.7CVSS6AI score0.0007EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43452

TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. ---- Introduction Path traversal is a type of attack that allows to access arbitrary filesystem paths. By...

8.8CVSS6AI score0.00173EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 7:58 p.m.9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-34815

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description The Xml::value method in Kirby contains a flaw in how it handles blocks. While the method is designed to allow valid CDATA to pass through without being escaped a second...

7.5CVSS5.2AI score0.00346EPSS
Exploits0References10
OSV
OSV
added 2026/01/08 8:32 p.m.2 views

GHSA-4J78-4XRM-CR2F Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

5.8CVSS6.8AI score0.00189EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8430

Malware in sbrugna...

4.8CVSS5.1AI score0.00683EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8434

Malware in sbrugna...

6.1CVSS6.3AI score0.00753EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2176

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00799EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-6562

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.0056EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2004

Malicious code in bioql PyPI...

5.7CVSS5.6AI score0.00552EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.19 views

CVE-2023-38490

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

10CVSS6.4AI score0.01526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:16 a.m.9 views

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content...

5.7CVSS6.8AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.10 views

CVE-2022-39315

Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does...

6.5CVSS6.8AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:45 a.m.11 views

CVE-2018-16623

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown...

4.8CVSS6AI score0.00683EPSS
Exploits1References1
OSV
OSV
added 2025/05/13 8:2 p.m.6 views

GHSA-FW82-87P8-V6HP Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

TL;DR This vulnerability affects all Kirby sites that use the snippet helper or $kirby-snippet method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that only use fixed calls to the snippet helper/$kirby-snippet method i.e. calls with a simple strin...

6.3CVSS6.5AI score0.00577EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/05/13 8:2 p.m.15 views

Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

TL;DR This vulnerability affects all Kirby sites that use the snippet helper or $kirby-snippet method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that only use fixed calls to the snippet helper/$kirby-snippet method i.e. calls with a simple strin...

9.1CVSS6.6AI score0.00577EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/05/13 8:2 p.m.6 views

GHSA-9P3P-W5JF-8XXG Kirby vulnerable to path traversal in the router for PHP's built-in server

TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. ---- Introduction For use with PHP's built-in web server, Kirby...

2.3CVSS6.6AI score0.00475EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/05/13 8:2 p.m.18 views

Kirby vulnerable to path traversal in the router for PHP's built-in server

TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. ---- Introduction For use with PHP's built-in web server, Kirby...

7.5CVSS6.7AI score0.00475EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/05/13 8:2 p.m.7 views

GHSA-X275-H9J4-7P4H Kirby vulnerable to path traversal of collection names during file system lookup

TL;DR This vulnerability affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data. Sites that only use fixed calls to the collection helper/$kirby-collection method i.e. calls...

6.3CVSS6.6AI score0.00477EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/05/13 8:2 p.m.21 views

Kirby vulnerable to path traversal of collection names during file system lookup

TL;DR This vulnerability affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data. Sites that only use fixed calls to the collection helper/$kirby-collection method i.e. calls...

9.1CVSS6.6AI score0.00477EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder