Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization inconsistent permission checks for pages.access, pages.list, files.access, and files.list in the Panel and REST API. An attacker can gain unauthorized access to content or sensitive information by exploiting...

GHSA-85X2-R8XV-WW8C Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...

CVE-2026-40104

CVE-2026-40104 affects XWiki Platform. A resource exhaustion vulnerability exists in REST API endpoints (for example, /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties) that return metadata listing all pages without query lim...

EUVD-2025-30613

Malicious code in bioql PyPI...

CVE-2025-58219

Cross-Site Request Forgery CSRF vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through = 1.2.0...

CVE-2025-58219

Cross-Site Request Forgery CSRF vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through = 1.2.0...

WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Show Pages List versions = 1.2.0...

CVE-2025-58219 WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through = 1.2.0...

CVE-2025-58219

CVE-2025-58219: CSRF in WordPress plugin Show Pages List (LIJE Show Pages List) affecting

CVE-2025-58219 WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through = 1.2.0...

WordPress plugin LIJE Show Pages List 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plug...