Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded 2026/03/05 7:30 p.m.3 views

CVE-2026-28781

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

7.1CVSS6AI score0.00326EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/04 4:31 p.m.3 views

CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

7.1CVSS6AI score0.00326EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/04 4:31 p.m.3 views

CVE-2026-28781

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

7.1CVSS6AI score0.00326EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blogadded 2026/03/03 9:0 p.m.6 views

Craft CMS: Entries Authorship Spoofing via Mass Assignment

Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...

7.1CVSS6AI score0.00326EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/02/07 9:58 p.m.15 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user’s identifier. Affected software: ...

5.3CVSS5.4AI score0.00246EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/07/11 2:27 a.m.3 views

Malicious code in sap-authorid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 09914638ace6a85961e1642543b20472ba7751ceeb7287075487e360881c1ff3 The OpenSSF Package Analysis project identified 'sap-authorid' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
NVD
NVDadded 2008/12/30 8:30 p.m.12 views

CVE-2008-5767

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

7.5CVSS8.4AI score0.00973EPSS
Exploits1References4
Prion
Prionadded 2008/12/30 8:30 p.m.12 views

Sql injection

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

7.5CVSS9.1AI score0.00973EPSS
Exploits1References4
CVE
CVEadded 2008/12/30 8:0 p.m.35 views

CVE-2008-5767

CVE-2008-5767 describes an SQL injection in the authors.asp page of the gNews Publisher, exploitable via the authorID parameter. The underlying issue is improper input handling allowing remote attackers to manipulate SQL queries. The NVD records a CVSSv2 base score of 7.5 (HIGH) with network atta...

7.5CVSS8.4AI score0.00973EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2008/12/30 8:0 p.m.19 views

CVE-2008-5767

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

8.4AI score0.00973EPSS
Exploits1References4
Rows per page
Query Builder