Lucene search
+L

18 matches found

NVD
NVD
added 2026/07/09 7:17 p.m.10 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:42 p.m.6 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/09 6:42 p.m.33 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 6:42 p.m.24 views

CVE-2026-54004

CVE-2026-54004 affects Kirby CMS. Prior to version 4.9.4 and 5.4.4, when content.fileRedirects is enabled, clean file URLs for files stored in top-level draft pages could be redirected to physical media URLs without verifying draft page permissions or preview tokens, potentially disclosing draft ...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References5
OSV
OSV
added 2026/07/09 6:42 p.m.6 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/18 3:5 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the content.fileRedirects process. An attacker can gain unauthorized access to files in top-level drafts by directly requesting clean file URLs, bypassing authentication and authorization checks. This is only...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1313

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01073EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-32476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6,...

7.5CVSS7.4AI score0.01073EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:10 a.m.19 views

BIT-MOODLE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01073EPSS
Exploits0References2
OSV
OSV
added 2022/03/12 12:0 a.m.18 views

GHSA-4QXC-QXRP-33CW Moodle denial-of-service risk in the draft files area

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01073EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.29 views

Moodle denial-of-service risk in the draft files area

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01073EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/03/11 6:15 p.m.44 views

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS7.1AI score0.01073EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 6:15 p.m.3 views

UBUNTU-CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS7.1AI score0.01073EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/11 12:0 a.m.35 views

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.7AI score0.01073EPSS
Exploits0References1
CVE
CVE
added 2022/03/11 12:0 a.m.117 views

CVE-2021-32476

CVE-2021-32476 is a denial-of-service vulnerability in Moodle related to the draft files area not enforcing user file upload limits. Affected versions include Moodle 3.10.x up to 3.10.3, 3.9.x up to 3.9.6, 3.8.x up to 3.8.8, 3.5.x up to 3.5.17 and other unsupported releases. The connected sources...

7.5CVSS6.4AI score0.01073EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/10 12:0 a.m.10 views

PT-2021-3117 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.17 Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload...

9.8CVSS6.1AI score0.52299EPSS
Exploits19References105
NVD
NVD
added 2020/07/15 9:15 p.m.32 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

8.8CVSS0.01837EPSS
Exploits0References1
OSV
OSV
added 2020/07/15 9:15 p.m.16 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

8.8CVSS6.9AI score0.01837EPSS
Exploits0References1
Rows per page
Query Builder