Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/07/02 6:45 p.m.11 views

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/01 11:31 p.m.12 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:31 p.m.36 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:42 p.m.5 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/09/11 4:52 p.m.32 views

CVE-2025-39742

CVE-2025-39742 - RDMA: hfi1 divide-by-zero in find_hw_thread_mask() (Linux kernel) Affects: Linux kernel RDMA hfi1 path; vulnerability arises from dividing the number of online CPUs by num_core_siblings, followed by a zero-division check. Root cause: division performed before validating the divis...

5.5CVSS6.1AI score0.0016EPSS
Exploits0References12Affected Software1
SUSE CVE
SUSE CVE
added 2025/01/12 12:15 a.m.5 views

SUSE CVE-2024-56368

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in rbmapvma An overflow occurred when performing the following calculation: nrpages = nrsubbufs + 1 dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescriptio...

6.7CVSS7.8AI score0.0017EPSS
Exploits0References3
OSV
OSV
added 2023/08/30 6:3 p.m.6 views

CLSA-2023-1693418632 openssl: Fix of CVE-2023-3817

CVE-2023-3817: Add a prior check and process only correct DH keys...

5.3CVSS6.8AI score0.02577EPSS
Exploits0References1
Rows per page
Query Builder