9 matches found
LiteLLM 命令注入漏洞
LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.74.2 to 1.83.7 contained a command injection vulnerability. This vulnerability stemmed from two endpoints used for previewing the MCP server accepting complete...
CVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517
Wagtail CVE-2026-25517 involves missing permission checks on admin preview endpoints. Before versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, an admin user who knows a model’s fields can craft a form submission to render previews of pages, snippets, or site settings with arbitrary data. The preview ...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
Missing Authorization
Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Missing Authorization via the preview endpoints in the admin interface. An attacker can obtain unauthorized preview renderings of pages, snippets, or site settings by...
PT-2026-6307
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 6.3.6 Wagtail versions prior to 7.0.4 Wagtail versions prior to 7.1.3 Wagtail versions prior to 7.2.2 Wagtail versions prior to 7.3 Description Wagtail, an open source content management system built on Django, contai...
PT-2026-6362
Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...