Lucene search
+L

122 matches found

osv
osv
added 2026/06/17 6:57 p.m.11 views

DRUPAL-CORE-2026-008

The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery. The URL discovery code could be leveraged to trick Drupal into making server-side requests to any URL...

3.1CVSS5.4AI score0.0014EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50609

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...

5.5AI score0.0014EPSS
Exploits0References4
drupal
drupal
added 2026/06/17 12:0 a.m.12 views

Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery. The URL discovery code could be leveraged to trick Drupal into making server-side requests to any URL...

3.1CVSS5.3AI score0.0014EPSS
Exploits0References8
euvd
euvd
added 2026/06/12 7:9 p.m.13 views

EUVD-2026-35403

TYPO3 CMS has Broken Access Control in its Media Module...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References6
snyk
snyk
added 2026/06/12 7:9 p.m.7 views

Directory Traversal

Overview typo3/cms-filelist is a TYPO3 backend module FileFilelist used for managing files. Affected versions of this package are vulnerable to Directory Traversal via the Media Module when backend users with file download permissions access the fallback storage of the file abstraction layer. An...

7.1CVSS6.1AI score0.00313EPSS
Exploits0References2
osv
osv
added 2026/06/12 7:9 p.m.10 views

GHSA-CHM7-4VCH-H8VR TYPO3 CMS has Broken Access Control in its Media Module

Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References7
github
github
added 2026/06/12 7:9 p.m.15 views

TYPO3 CMS has Broken Access Control in its Media Module

Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References7Affected Software2
osv
osv
added 2026/06/12 7:6 p.m.9 views

GHSA-Q93M-25XV-94HH TYPO3 CMS: Broken Access Control in Media Module

Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/10 2:59 p.m.11 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References1
nvd
nvd
added 2026/06/09 11:16 a.m.15 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS0.00313EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/09 10:54 a.m.35 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS0.00313EPSS
Exploits0References3
osv
osv
added 2026/06/09 10:54 a.m.5 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.9AI score0.00313EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/06/09 10:54 a.m.11 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References3
friendsofphp
friendsofphp
added 2026/06/09 8:59 a.m.9 views

TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-013...

7.1CVSS5.4AI score0.00313EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.15 views

PT-2026-47749

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.15 views

TYPO3 CMS 路径遍历漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions 11.0.0 to 11.5.50, 12.0.0 to 12.4.45, 13.0.0 to 13.4.30, and 14.0.0 to 14.3.2 of TYPO3 CMS contain a path traversal vulnerability. This vulnerability arises from backend users with file download...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/08 6:22 p.m.31 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS0.00226EPSS
Exploits0References1
cve
cve
added 2026/04/08 6:22 p.m.9 views

CVE-2026-34985

LORIS (Longitudinal Online Research and Imaging System) has an access-control flaw in the media module: from 16.1.0 up to just before 27.0.3 and 28.0.1, the frontend filters access-restricted files but the backend did not enforce access checks, allowing unauthorized users to access a file if the ...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/04/08 6:22 p.m.4 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS5.8AI score0.00226EPSS
Exploits0References1
osv
osv
added 2026/04/08 6:22 p.m.3 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS6AI score0.00226EPSS
Exploits0References3
Rows per page
Query Builder