CVE-2026-8205

Concrete CMS

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the actiongetevents function in the calendar block does not check the canView permissions of...

PT-2026-22948

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and versions prior to 5.9.0-beta.1 Description Craft is a content management system CMS that contains a flaw in the GraphQL directive @parseRefs. This directive, designed to parse internal reference tags,...

Authorization Bypass

silverstripe/reports is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the implementation of access control mechanisms within the ReportAdmin.php. It allows direct URL access to reports by any user who has access to the reports admin section, irrespective of whether the...

GHSA-52CX-HPC5-CXWC silverstripe/framework missing ACL on reports

The SSReport, and the reports CMS section only checks canView when listing the reports that can be viewed by the current user. It does not and should perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the...

silverstripe/framework missing ACL on reports

The SSReport, and the reports CMS section only checks canView when listing the reports that can be viewed by the current user. It does not and should perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the...