11 matches found
CVE-2026-41190
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The save_draft AJAX path is weaker. A direct POST can create a dra...
EUVD-2010-4771
Malware in sbrugna...
CVE-2020-15821
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft...
CVE-2010-4806
The authoring tool in IBM Web Content Manager WCM 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges...
CVE-2006-7219
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft...
CVE-2023-38706
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...
Bypass Access Restrictions
WordPress is vulnerable to bypassing access restrictions. The bypass is possible because the application does not properly check the edit_posts capability for auto-draft creation actions...
Design/Logic Flaw
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
WordPress Draft Creation Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress has a security vulnerability: users with Subscriber rights can create drafts through the Quick Draft feature...
CVE-2010-4806
The authoring tool in IBM Web Content Manager WCM 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges...
CVE-2010-4806
The authoring tool in IBM Web Content Manager WCM 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges...