7 matches found
Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap
Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...
CVE-2026-50279
Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...
CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap
Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...
CVE-2026-34593
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...
CVE-2025-39742
CVE-2025-39742 - RDMA: hfi1 divide-by-zero in find_hw_thread_mask() (Linux kernel) Affects: Linux kernel RDMA hfi1 path; vulnerability arises from dividing the number of online CPUs by num_core_siblings, followed by a zero-division check. Root cause: division performed before validating the divis...
SUSE CVE-2024-56368
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in rbmapvma An overflow occurred when performing the following calculation: nrpages = nrsubbufs + 1 dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescriptio...
CLSA-2023-1693418632 openssl: Fix of CVE-2023-3817
CVE-2023-3817: Add a prior check and process only correct DH keys...