4 matches found
CVE-2026-44012 Craft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking...
Squiz Matrix User Enumeration Scanner
This module attempts to enumerate remote users that exist within the Squiz Matrix and MySource Matrix CMS by sending GET requests for asset IDs, e.g. ?a=14, and searching for a valid username, e.g. "root" or "test", which is prefixed by a "" in the response. It will also try to GET the user's full name ...
CVE-2008-3717
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information...
CVE-2008-3717
CVE-2008-3717 : The Harmoni application (before version 1.6.0) allows remote attackers to obtain sensitive information by listing (1) user names and (2) asset IDs without requiring administrative privileges. The NVD entry documents a confidentiality impact (partial) with network access and no aut...