Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/26 11:47 p.m.7 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the REST API search and collection query endpoints. An attacker can execute arbitrary methods on model objects by supplying crafted queries, potentiall...

8.8CVSS6AI score0.0007EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43450

TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...

8.5CVSS5.7AI score0.0004EPSS
Exploits0References5
NVD
NVD
added 2026/02/27 11:16 p.m.7 views

CVE-2026-28425

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...

8CVSS0.00428EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47416

Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...

5.1CVSS6.1AI score0.00156EPSS
Exploits0References6
Rows per page
Query Builder