3 matches found
@studiocms/migrator (>=0.2.0 <=0.2.1) potentially affected by CVE-2026-32104 via studiocms (>=0.2.0 <=0.3.0)
studiocms NPM version =0.2.0, =0.2.0, =0.2.1 Source cves: CVE-2026-32104 Source advisory: SNYK:JS-STUDIOCMS-15665373...
CVE-2026-32104
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...
CVE-2026-32104
creationtimestamp| type| source ---|---|--- 2026-03-11 14:50:34+00:00| published-proof-of-concept| https://github.com/withstudiocms/studiocms/security/advisories/GHSA-9v82-xrm4-mp52...