Lucene search
+L

33 matches found

osv
osv
‱added 2026/07/07 7:16 p.m.‱2 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

4.9CVSS6.1AI score
Exploits0References1
cvelist
cvelist
‱added 2026/07/07 5:32 p.m.‱33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
attackerkb
attackerkb
‱added 2026/07/07 5:32 p.m.‱8 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
euvd
euvd
‱added 2026/07/07 5:32 p.m.‱7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
ptsecurity
ptsecurity
‱added 2026/07/07 12:0 a.m.‱6 views

PT-2026-56220

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com media webservice endpoints allows privileged users to overwrite media files even if they lack the necessary editing permissions. Recommendations At th...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References6
osv
osv
‱added 2026/06/08 12:5 p.m.‱3 views

CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5CVSS5.8AI score0.00136EPSS
Exploits0References3
ptsecurity
ptsecurity
‱added 2026/06/08 12:0 a.m.‱15 views

PT-2026-47284

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References2
snyk
snyk
‱added 2026/05/29 1:18 p.m.‱8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Projects component when displaying project tags and popovers in administrative detail views due to improper sanitization of user-supplied project names. An attacker can execute arbitrary scripts in the...

9.4CVSS5.8AI score0.00164EPSS
Exploits0References2
euvd
euvd
‱added 2026/04/14 8:2 p.m.‱8 views

EUVD-2026-22357

October Rain has a Twig Sandbox Bypass via Collection Methods...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References2
osv
osv
‱added 2026/04/14 8:2 p.m.‱4 views

GHSA-M5QG-JC75-4JP6 October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References3
github
github
‱added 2026/04/14 8:2 p.m.‱8 views

October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

6.8CVSS5.8AI score0.00395EPSS
Exploits2References3Affected Software1
snyk
snyk
‱added 2026/04/14 8:2 p.m.‱3 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the collect process. An attacker can gain unauthorized access to restricted template functionality by leveraging insufficient sandbox restrictions when authenticated with backend access and template editi...

6.9CVSS5.7AI score0.00395EPSS
Exploits2References3
osv
osv
‱added 2026/03/27 7:11 a.m.‱13 views

BIT-DISCOURSE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0, 2026.2.1, and 2026.1....

3.8CVSS5.9AI score0.0016EPSS
Exploits0References2
cvelist
cvelist
‱added 2026/03/10 7:59 p.m.‱28 views

CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8CVSS0.00234EPSS
Exploits0References2
attackerkb
attackerkb
‱added 2026/01/15 11:25 p.m.‱2 views

CVE-2021-47788

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code executi...

8.8CVSS6.8AI score0.00868EPSS
Exploits1References3Affected Software1
euvd
euvd
‱added 2025/10/07 12:30 a.m.‱7 views

EUVD-2018-10822

Malware in sbrugna...

8.8CVSS8.8AI score0.01771EPSS
Exploits1References2
euvd
euvd
‱added 2025/10/03 8:7 p.m.‱5 views

EUVD-2024-47762

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00373EPSS
Exploits0References3
cvelist
cvelist
‱added 2025/09/09 6:51 p.m.‱9 views

CVE-2025-55729 XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page The...

10CVSS0.00684EPSS
Exploits0References4
ptsecurity
ptsecurity
‱added 2025/08/13 12:0 a.m.‱4 views

PT-2025-33271

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: A stored Cross-Site Scripting XSS issue exists in the chart visualization feature. An authenticated user with chart editing permissions can inject a malicious payload into a column's label...

5.5CVSS6.4AI score0.00662EPSS
Exploits0References14
github
github
‱added 2025/04/10 12:25 p.m.‱62 views

ezsystems/ezplatform-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

6.6AI score
Exploits0References4Affected Software1
Rows per page
Query Builder