10 matches found
EUVD-2026-34939
The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...
CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
GHSA-62CH-J6X7-722J Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
Security Advisory — Page Content Retrieval Improper Authorization Summary An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...
EUVD-2025-6735
Malicious code in bioql PyPI...
CVE-2025-54144
Summary: CVE-2025-54144 affects Firefox for iOS before version 141. The URL scheme used to facilitate searching of text queries could be abused to open arbitrary website URLs or internal pages if a user is tricked into clicking a link. This is described as a security bypass in Firefox for iOS pri...
CVE-2025-29925
XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...
CVE-2022-43841
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078...
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. PoC 1. As one user, create a new password protected post...
Catalyst Mahara Information Disclosure Vulnerability (CNVD-2017-36220)
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara. An attacker can exploit the vulnerability to receive and view watchlist notifications about pages...
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...