Lucene search
K

7 matches found

NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 1:25 a.m.33 views

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

5.3CVSS0.00625EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2026/04/14 9:36 p.m.5 views

CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
CVE
CVE
added 2026/04/14 9:36 p.m.11 views

CVE-2026-33146

Docmost (open-source wiki/docs) contains an authorization bypass vulnerability affecting versions 0.70.0–0.70.2. unauthenticated users can access restricted child page titles and text snippets via the public search endpoint POST /api/search/share-search, exposing content that should be hidden. Th...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/04 1:15 a.m.4 views

CVE-2025-43350

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen...

5.6AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.4 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which originates from the fact th...

6.2CVSS6AI score0.00232EPSS
Exploits0References3
Veracode
Veracode
added 2024/10/14 11:51 a.m.9 views

Information Disclosure

typo3/cms-backend is vulnerable to Information Disclosure. The vulnerability is due to improper access control configuration, which allows backend users to see items in the page tree for restricted pages if no mounts were configured, exposing restricted content to unauthorized users...

4.3CVSS6.6AI score0.00294EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder