Lucene search
+L

47 matches found

CVE
CVE
added yesterday19 views

CVE-2026-54244

Statamic CMS suffers an Incorrect Authorization issue in the Live Preview feature. Before versions 5.74.0 and 6.20.3, the Live Preview endpoint in src/Http/Controllers/CP/PreviewController.php only checked view permissions and could render caller-supplied field values. A Control Panel user with v...

3.5CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added yesterday6 views

CVE-2026-54244 Statamic: Incorrect authorization lets view-only users submit Live Preview content reserved for editors

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A...

3.5CVSS
Exploits0References5
OSV
OSV
added 2026/06/26 11:10 p.m.5 views

GHSA-7MQQ-4V55-88GH Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...

3.5CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:10 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Live Preview process. An attacker can submit unauthorized content and generate shareable preview URLs by leveraging insufficient permission checks. Remediation Upgrade statamic/cms to version 5.74.0, 6.20....

5.1CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/26 11:10 p.m.9 views

Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...

3.5CVSS5.7AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53029

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.74.0 Statamic versions prior to 6.20.3 Description The Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only verifies view authorization but accepts and renders...

3.5CVSS5.3AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/15 5:14 p.m.15 views

Weblate: Stored HTML injection in editor search preview

Impact Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

4.6CVSS5.8AI score0.00208EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.7 views

Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)

The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...

5.5CVSS5.8AI score0.00495EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33884

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33884

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 8:38 p.m.34 views

CVE-2026-33884 Statamic's live preview token bypasses content protection for unrelated entries

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 8:38 p.m.3 views

CVE-2026-33884 Statamic's live preview token bypasses content protection for unrelated entries

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 8:38 p.m.8 views

CVE-2026-33884

CVE-2026-33884 affects Statamic CMS (Laravel/Git-based). An authenticated Control Panel user with access to live preview could misuse a live preview token to access restricted content not intended for that token. Root cause: token-based live preview access bypasses content protection for unrelate...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:38 p.m.3 views

CVE-2026-33884

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 8:38 p.m.8 views

CVE-2026-33884 Statamic's live preview token bypasses content protection for unrelated entries

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This has been fixed in 5.73.16...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 7:5 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the live preview. An attacker can gain unauthorized access to restricted content by using a valid live preview token intended for a different entry. Remediation Upgrade statamic/cms to version 5.73.16, 6.7.2 ...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 7:5 p.m.5 views

GHSA-8VWX-CCF6-5WG2 Statamic's live preview token bypasses content protection for unrelated entries

Impact An authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. Patches This has been fixed in 5.73.16 and 6.7.2...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 7:5 p.m.7 views

Statamic's live preview token bypasses content protection for unrelated entries

Impact An authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. Patches This has been fixed in 5.73.16 and 6.7.2...

4.3CVSS5.7AI score0.00162EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28551

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description An authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. Th...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/02/18 1:16 p.m.8 views

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code VS Code extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively...

9.1CVSS6.6AI score0.00639EPSS
Exploits3
Rows per page
Query Builder