56 matches found
CVE-2026-54259
Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44199 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44199 Source advisory: OSV:PYSEC-2026-148...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44200 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44200 Source advisory: OSV:PYSEC-2026-149...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44201 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44197 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44197 Source advisory: OSV:PYSEC-2026-146...
CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the document and image APIs incorrectly listing items within private collections, potentially...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: SNYK:PYTHON-WAGTAIL-16624531...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44200 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44200 Source advisory: OSV:GHSA-67RV-MG8Q-5PF3...
Wagtail has improper permission handling when copying pages
Impact A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. Patche...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44201 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44201 Source advisory: OSV:GHSA-P5GM-92H4-6PV6...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44199 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: SNYK:PYTHON-WAGTAIL-16624533...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: OSV:GHSA-C4MR-889M-VGF6...
11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +202 more potentially affected by CVE-2026-44197 via wagtail (>=1.0.0 <=7.0.0)
wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44197 Source advisory: OSV:GHSA-C6WJ-9VCJ-75PJ...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44197 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44197 Source advisory: SNYK:PYTHON-WAGTAIL-16624541...
wagtail-liveedit (=0.0.21), wagtail-modeltranslation (>=0.15.0 <=0.15.2) potentially affected by CVE-2026-44197 via wagtail (=7.0.0)
wagtail PYPI version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wagtail and may be impacted: - wagtail-liveedit =0.0.21 - wagtail-modeltranslation =0.15.0, =0.15.2 Source cves: CVE-2026-44197 Source advisory: SNYK:PYTHON-WAGTAIL-16624541...
aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28223 via wagtail (>=7.1.0 <=7.1.3)
wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...
aratinga (>=0.1.0a0.dev0 <=0.1.0a0.dev2), cjkcms-cache (=2.3.2) +25 more potentially affected by CVE-2026-28223 via wagtail (>=6.4.0 <=7.0.0)
wagtail PYPI version =6.4.0, =0.1.0a0.dev0, =4.0.0, =5.2.0, =2.0.2, =0.1.1771543667, =0.6.0, =0.0.1, =0.0.1, =0.0.1, =2.4.0, =0.0.1, =0.0.2 and more Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...