
7756 matches found

CVE
added 3 days ago | 9 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

CVSS 7.6 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 2
Cvelist
added 3 days ago | 35 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

CVSS 7.6 | EPSS 0.00245
Exploits: 0 | References: 2
NVD
added 3 days ago | 4 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | EPSS 0.00412
Exploits: 0 | References: 2
CVE
added 3 days ago | 8 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

CVSS 5.9 | AI score 5.7 | EPSS 0.00412
Exploits: 0 | References: 2
ATTACKERKB
added 3 days ago | 4 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | AI score 5.7 | EPSS 0.00412
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 3 days ago | 31 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

CVSS 5.9 | EPSS 0.00412
Exploits: 0 | References: 2
RedhatCVE
added 3 days ago | 5 views

CVE-2026-53336

A flaw was found in the Linux kernel's nvmem driver. This vulnerability allows a local attacker to trigger a denial of service (DoS) by providing a specially crafted EEPROM (Electrically Erasable Programmable Read-Only Memory) entry with an unknown type. This can cause the driver to enter an endless...

AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 4
NVD
added 3 days ago | 6 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

CVSS 5.9 | EPSS 0.00342
Exploits: 0 | References: 1
OSV
added 3 days ago | 2 views

ECHO-8485-EB04-95E6

Bulletin has no description...

CVSS 6.5 | AI score 5.7 | EPSS 0.00293
Exploits: 0 | References: 2
OSV
added 3 days ago | 3 views

ECHO-C3A9-2B50-4CF0

Bulletin has no description...

CVSS 4.3 | AI score 5.7 | EPSS 0.00164
Exploits: 0 | References: 2
OSV
added 3 days ago | 2 views

ECHO-46C2-195A-D499

Bulletin has no description...

CVSS 9.6 | AI score 5.7 | EPSS 0.00253
Exploits: 0 | References: 2
OSV
added 3 days ago | 2 views

ECHO-3FDB-AA6B-E658

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00354
Exploits: 0 | References: 2
OSV
added 3 days ago | 2 views

ECHO-37D3-DE84-142C

Bulletin has no description...

CVSS 6.5 | AI score 5.7 | EPSS 0.00277
Exploits: 0 | References: 2
OSV
added 3 days ago | 3 views

ECHO-DF8C-23F8-6FD2

Bulletin has no description...

CVSS 5.7 | AI score 5.7 | EPSS 0.00141
Exploits: 0 | References: 2
OSV
added 3 days ago | 2 views

ECHO-6D42-5969-E0AD

Bulletin has no description...

CVSS 4.3 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 2
CVE
added 3 days ago | 10 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...

CVSS 5.9 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 1
Debian CVE
added 3 days ago | 5 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

CVSS 5.9 | AI score 5.8 | EPSS 0.00342
Exploits: 0
Wolfi
added 3 days ago | 6 views

GHSA-W5F4-M5JQ-X4XP vulnerabilities

Vulnerabilities for packages: chromium...

AI score 5.8
Exploits: 0
OSV
added 3 days ago | 2 views

CGA-FXH2-7VPC-WCR4

Bulletin has no description...

CVSS 9.8 | AI score 7.2 | EPSS 0.00313
Exploits: 0
OSV
added 3 days ago | 2 views

CGA-CQR6-6P44-XCMX

Bulletin has no description...

CVSS 5.4 | AI score 5.7 | EPSS 0.00164
Exploits: 0