7756 matches found
CVE-2026-50279
Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...
CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...
CVE-2026-55793
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...
CVE-2026-55793
Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...
CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...
CVE-2026-53336
A flaw was found in the Linux kernel's nvmem driver. This vulnerability allows a local attacker to trigger a denial of service (DoS) by providing a specially crafted EEPROM (Electrically Erasable Programmable Read-Only Memory) entry with an unknown type. This can cause the driver to enter an endless...
CVE-2026-58025
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...
ECHO-8485-EB04-95E6
Bulletin has no description...
ECHO-C3A9-2B50-4CF0
Bulletin has no description...
ECHO-46C2-195A-D499
Bulletin has no description...
ECHO-3FDB-AA6B-E658
Bulletin has no description...
ECHO-37D3-DE84-142C
Bulletin has no description...
ECHO-DF8C-23F8-6FD2
Bulletin has no description...
ECHO-6D42-5969-E0AD
Bulletin has no description...
CVE-2026-58025
CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...
GHSA-W5F4-M5JQ-X4XP vulnerabilities
Vulnerabilities for packages: chromium...
CGA-FXH2-7VPC-WCR4
Bulletin has no description...
CGA-CQR6-6P44-XCMX
Bulletin has no description...