12 matches found
CVE-2026-44201
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PYSEC-2026-150
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
CVE-2026-44201 Wagtail: Improper restriction handling on Documents and Images API
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PT-2026-39236
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2. Description: The Documents and Images API incorrectly lists items in private collections, allowing a user with API access to view the filename and name of documents and images stor...
EUVD-2023-53818
Malicious code in bioql PyPI...
CVE-2025-59686
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...
com.ritense.valtimo:besluit (>=10.0.0.RELEASE <=12.15.1.RELEASE), com.ritense.valtimo:besluiten-api (>=0.0.0 <=12.15.1.RELEASE) +66 more potentially affected by CVE-2025-58059 via com.ritense.valtimo:core (>=0.0.0-test <=12.15.1.RELEASE)
com.ritense.valtimo:core MAVEN version =0.0.0-test, =10.0.0.RELEASE, =0.0.0, =0.0.0, =10.0.0.RELEASE, =0.0.0, =0.0.0, =0.0.0, =10.0.0.RELEASE, =0.0.0, =0.0.0, =10.0.0.RELEASE, =10.0.0.RELEASE, =0.0.0, =12.15.1.RELEASE and more Source cves: CVE-2025-58059 Source advisory: OSV:GHSA-W48J-PP7J-FJ55...
SQL Injection
Overview: org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of this package are vulnerable to SQL Injection via the searchDocuments API. An attacker can execute arbitrary SQL queries on the underlyi...
CVE-2023-49923
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...
CVE-2023-49923
Elastic App Search’s Documents API logged raw indexed document contents at INFO, risking leakage of sensitive data in logs. Affected versions: Enterprise Search/App Search before 7.17.16 and before 8.11.2. Root cause: logging those contents at INFO; fix: log at DEBUG (disabled by default) in 7.17...
Enterprise Search 8.11.2 / 7.17.16 Security Update (ESA-2023-31)
Enterprise Search: Insertion of Sensitive Information into Log File (ESA-2023-31). An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion o...
PT-2023-31412 · Elastic · App Search
Name of the Vulnerable Software and Affected Versions: Elastic App Search versions prior to 7.17.16; Elastic App Search versions prior to 8.11.2. Description: An issue was discovered in the Documents API of App Search where it logged the raw contents of indexed documents at INFO log level. This cou...