16 matches found
CVE-2026-54260
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...
CVE-2026-54263
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...
CVE-2026-54260
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...
PYSEC-2026-147
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
PYSEC-2026-149
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it...
CVE-2026-44199
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...
PYSEC-2026-146
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
PYSEC-2026-146
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
CVE-2026-44200 Wagtail: Improper permission handling when copying pages
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it...
CVE-2026-44197 Wagtail: Improper permission handling when comparing revisions
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
alertwise (=1.0.0), cjkcms-seo (=2.4.0) +18 more potentially affected by CVE-2026-28223 via wagtail (>=6.0.0 <=6.3.1)
wagtail PYPI version =6.0.0, =6.0.0, =2.1.0, =0.1.1, =1.9.0, =2.8.0, =0.0.9, =0.14.0, =0.6.0, =0.7.0 - wagtail-sb-codefield =0.4.0 - wagtail-sb-fontawesome =0.3.0 and more Source cves: CVE-2026-28223 Source advisory: SNYK:PYTHON-WAGTAIL-15371182...
EUVD-2023-0277
Malicious code in bioql PyPI...
CVE-2024-39317 Wagtail regular expression denial-of-service via search query parsing
Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...
PYSEC-2023-219
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...
Input validation
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
PYSEC-2022-13
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...