4 matches found
CVE-2026-28696
Craft CMS is affected by CVE-2026-28696 due to missing authorization in the GraphQL directive @parseRefs. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, authenticated users and unauthenticated guests (when Public Schema is enabled) could read sensitive attributes of CMS elements by abusing {type:ID:fie...
Craft CMS Security Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 4.17.0-beta.1 and 5.9.0-beta.1 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authorization checks in GraphQL directives like @parseRefs, which could allow...
Template Injection
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the Twig function blocklist bypass. An attacker can execute arbitrary code, read files, or perform server-side request forgery by invoking unblocked PHP functions throu...
@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +14 more potentially affected by CVE-2024-34065 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.1.9)
@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =0.0.1, =0.1.0, =0.1.10 - strapi-voting =0.2.1 - strapigo =0.1.0 - sveltekit-strapi =0.1.0 and more Source cves: CVE-2024-34065 Source advisory: OSV:GHSA-WRVH-RCMR-9QFC...