Lucene search
+L

4 matches found

Cvelist
Cvelist
added yesterday25 views

CVE-2026-45334 Kirby: Content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model...

5.3CVSS0.00033EPSS
Exploits0References2
CVE
CVE
added yesterday15 views

CVE-2026-45334

Kirby CMS (versions < 4.9.1 and

5.3CVSS6AI score0.00033EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 5:23 p.m.27 views

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.3CVSS5.6AI score0.00033EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/27 5:23 p.m.10 views

GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.3CVSS5.6AI score0.00033EPSS
Exploits0References4
Rows per page
Query Builder