Lucene search

65232 matches found

CVE
added 2026/01/08 6:9 p.m., 7 views

CVE-2026-21896

Kirby (CMS) versions 5.0.0–5.2.1 contain missing permission checks in the content changes API. This allows attackers with Panel access to manipulate the changes version or content fields, potentially creating editing locks, injecting content, or discarding edits across any model, when user permis...

5.8 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/01/08 6:9 p.m., 20 views

CVE-2026-21896 Kirby is missing permission checks in the content changes API

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...

5.8 CVSS, 0.00024 EPSS
Exploits 0, References 3

EUVD
added 2026/01/08 6:9 p.m., 3 views

EUVD-2026-1473

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...

5.8 CVSS, 6.2 AI score, 0.00024 EPSS
Exploits 0, References 5

OSV
added 2026/01/08 6:9 p.m., 3 views

CVE-2026-21896 Kirby is missing permission checks in the content changes API

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...

5.8 CVSS, 6.4 AI score, 0.00024 EPSS
Exploits 0, References 5

NVD
added 2026/01/08 5:15 p.m., 1 view

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into...

6.8 CVSS, 0.00028 EPSS
Exploits 2, References 1

Cvelist
added 2026/01/08 5:10 p.m., 19 views

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

7.6 CVSS, 0.00016 EPSS
Exploits 0, References 3

OSV
added 2026/01/08 10:15 a.m., 3 views

AZL-73676 CVE-2025-14017 affecting package curl for versions less than 8.11.1-5

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3 CVSS, 6.1 AI score, 0.00003 EPSS
Exploits 0, References 1

CNNVD
added 2026/01/08 12:0 a.m., 3 views

rustfs security vulnerability

rustfs is a high-performance object storage system from the RustFS open source. A security vulnerability exists in versions prior to rustfs 1.0.0-alpha.79 that stems from the use of ExportIAMAction instead of ImportIAMAction to validate permissions, which could lead to unauthorized IAM...

8.8 CVSS, 6.5 AI score, 0.00019 EPSS
Exploits 1, References 2

Positive Technologies
added 2026/01/08 12:0 a.m., 5 views

PT-2026-2112

Name of the Vulnerable Software and Affected Versions: NiceGUI versions 2.22.0 through 3.4.1. Description: NiceGUI is a Python-based UI framework. An unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, even...

7.2 CVSS, 6.4 AI score, 0.00009 EPSS
Exploits 1, References 5

Positive Technologies
added 2026/01/08 12:0 a.m., 3 views

PT-2026-2126

Name of the Vulnerable Software and Affected Versions: Kirby versions 5.0.0 through 5.2.1. Description: Kirby is an open-source content management system. Versions 5.0.0 through 5.2.1 are missing permission checks in the content changes API. This affects Kirby sites where user permissions are...

5.8 CVSS, 6.5 AI score, 0.00024 EPSS
Exploits 0, References 12

CNNVD
added 2026/01/08 12:0 a.m., 1 view

Kirby security vulnerability

Kirby is a file-based content management system (CMS) from Kirby Open Source. A security vulnerability exists in Kirby versions 5.0.0 through 5.2.1, which stems from a lack of permission checking in the Content Change API that could lead to unauthorized changes...

5.8 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/01/07 9:31 p.m., 3 views

CVE-2025-69263 pnpm Lockfile Integrity Bypass Allows Remote Dynamic Dependencies

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package...

7.5 CVSS, 6.7 AI score, 0.00009 EPSS
Exploits 1, References 2

Cvelist
added 2026/01/07 9:31 p.m., 20 views

CVE-2025-69263 pnpm Lockfile Integrity Bypass Allows Remote Dynamic Dependencies

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package...

7.5 CVSS, 0.00009 EPSS
Exploits 1, References 2

OSV
added 2026/01/07 7:6 p.m., 6 views

GHSA-7VHP-VF5G-R2FW pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies

Summary: HTTP tarball dependencies and git-hosted tarballs are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. Details: When a package depends on an HTTP tarball URL, pnpm's tarball resolve...

7.5 CVSS, 6.9 AI score, 0.00009 EPSS
Exploits 1, References 4

GitHub Security Blog
added 2026/01/07 7:6 p.m., 12 views

pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies

Summary: HTTP tarball dependencies and git-hosted tarballs are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. Details: When a package depends on an HTTP tarball URL, pnpm's tarball resolve...

8.8 CVSS, 7 AI score, 0.00009 EPSS
Exploits 1, References 4, Affected Software 1

OSV
added 2026/01/07 12:17 p.m., 3 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2026/01/07 12:17 p.m., 2 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3 CVSS, 0.00002 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:48 a.m., 10 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

4.3 CVSS, 6.7 AI score, 0.0026 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:46 a.m., 5 views

CVE-2017-6917

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed...

4.3 CVSS, 6.9 AI score, 0.00119 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/01/07 9:40 a.m., 6 views

CVE-1999-0361

NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging...

10 CVSS, 7 AI score, 0.00483 EPSS
Exploits 0, References 1