Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-40870

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that hav...

7.5CVSS5.6AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.8 views

CVE-2026-40869

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...

7.5CVSS0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 8:17 p.m.4 views

CVE-2026-40870

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that hav...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:6 p.m.7 views

CVE-2026-40870

The CVE affects the Decidim framework: root-level commentable in the API (under /api) lets unauthenticated users access all commentable resources, bypassing permission checks. Affected versions are 0.0.1 up to but not including 0.30.5 and 0.31.1. The issue is fixed in 0.30.5 and 0.31.1. Mitigatio...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34052

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that hav...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 4:52 p.m.22 views

CVE-2026-23891

Summary (CVE-2026-23891, Decidim) : A stored code execution vulnerability exists in the user name field for Decidim versions

9.3CVSS6.5AI score0.00356EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2024/11/01 6:34 a.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to long-running requests by submitting URLs that take an excessive amount of time to respond via the download method in SuppliedData model. Details Denial of Service DoS describes a family of attacks, all aimed...

8.7CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2022/06/01 7:58 p.m.11 views

GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment

There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...

6.5CVSS6AI score0.0037EPSS
Exploits0References5
NVD
NVD
added 2020/12/09 5:15 p.m.16 views

CVE-2020-26260

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

6.4CVSS6.2AI score0.00827EPSS
Exploits0References3
Prion
Prion
added 2020/12/09 5:15 p.m.24 views

Information disclosure

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

5.5CVSS6.2AI score0.00827EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2020/12/09 12:0 a.m.7 views

BookStack Injection Vulnerability

BookStack is an open source platform for building wiki documentation using PHP and Laravel from the BookStackApp Bookstackapp team. BookStack suffers from a security vulnerability that stems from the fact that in BookStack prior to version 0.30.5, users with edit page permissions could set up the...

6.4CVSS6.6AI score0.00827EPSS
Exploits0References4
Rows per page
Query Builder