CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

Ibexa eZ Platform 安全漏洞

Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

CVE-2025-67719

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2

Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform affected versions not specified ezsystems/ezpublish-kernel affected versions not specified Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...

CVE-2022-25337

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...