CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

CVE-2026-8240

Technical details for CVE-2026-8240 are not publicly provided in the supplied documents. No specific affected components, versions, or fixes are listed. Monitor for updates from Concrete CMS and CVE/NVD sources.

CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

CVE-2026-8240

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

Concrete CMS 访问控制错误漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contained a access control vulnerability caused by unvalidated page metadata exposure. This vulnerability could lead to the disclosure of titles, paths, descriptions, and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0, then setting npfns0 before computing the new value of pfns will fail to adjust the pfn, resulting in various page accounting corruptions. This issue...

WordPress plugin 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...

PT-2026-32993

Name of the Vulnerable Software and Affected Versions 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery versions prior to 1.16.18 Description This plugin for WordPress allows unauthenticated attackers to retrieve flipbook page metadata for draft, private, and...

XWiki REST API - Private Pages Disclosure

A vulnerability in XWiki's REST API allows unauthenticated users to access information about private pages through the pages endpoint. This could lead to disclosure of sensitive information and page metadata. id: CVE-2025-29925 info: name: XWiki REST API - Private Pages Disclosure author:...

Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadermetadata, dataheadertaxonomycategory, and dataheadertaxonomytag parameters. These...

EUVD-2019-4843

Malware in sbrugna...

EUVD-2018-2392

Malware in sbrugna...

EUVD-2023-59848

Malicious code in bioql PyPI...

SUSE CVE-2023-53236

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0 then setting npfns0 before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be...

Linux Distros Unpatched Vulnerability : CVE-2023-53236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0 then setting...

UBUNTU-CVE-2023-53236

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0 then setting npfns0 before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be...

CVE-2023-53236 iommufd: Do not corrupt the pfn list when doing batch carry

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0 then setting npfns0 before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from iommufd not properly calculating pfn lists when processing batch operations, which could lead to page metada...

CVE-2021-4351

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...