28 matches found
EUVD-2026-34929
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...
CVE-2026-9719
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...
CVE-2026-9719
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...
CVE-2026-40099
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
CVE-2026-40099
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
EUVD-2026-25370
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
CVE-2026-40099 Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
CVE-2026-40099
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
CVE-2026-40099
Kirby’s page creation API vulnerability allowed authenticated users with pages.create permission but without pages.changeStatus to create published pages by overriding isDraft via REST API. This bypassed normal editorial workflow (new pages are drafts by default) until patches in Kirby 4.9.0 and ...
CVE-2026-34587
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...
Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter
TL;DR This vulnerability affects all Kirby sites where users have the permission to create pages pages.create permission is enabled but not the permission to change the status of pages pages.changeStatus permission is disabled. This can be due to configuration in the user blueprints, via options ...
GHSA-W942-J9R6-HR6R Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter
TL;DR This vulnerability affects all Kirby sites where users have the permission to create pages pages.create permission is enabled but not the permission to change the status of pages pages.changeStatus permission is disabled. This can be due to configuration in the user blueprints, via options ...
PT-2026-34817
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description An authorization bypass allows authenticated users to perform actions beyond their configured permissions, leading to privilege escalation. In the REST API, the isDraft fl...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010942)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010942 advisory. In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of...
CVE-2026-27659 CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...
CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...
EUVD-2025-34592
In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: ip nexthop add id 1 via 192.0.2.1 fdb ip nexthop add id 2 group 1 Error: Non FDB nexthop...
CVE-2025-39980 nexthop: Forbid FDB status change while nexthop is in a group
In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: ip nexthop add id 1 via 192.0.2.1 fdb ip nexthop add id 2 group 1 Error: Non FDB nexthop...