Lucene search
+L

283 matches found

NVD
NVD
added 2026/07/09 7:17 p.m.6 views

CVE-2026-49274

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page...

5.3CVSS0.00275EPSS
Exploits0References7
CVE
CVE
added 2026/07/09 6:38 p.m.46 views

CVE-2026-49274

CVE-2026-49274 affects Kirby CMS prior to versions 4.9.4 and 5.4.4. When the pages field is used and a role has pages.access disabled, authenticated users could supply an inaccessible parent page or site to the page picker backend, enabling confirmation of page existence and retrieval of title fi...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 7:16 p.m.3 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.9 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/07 5:29 p.m.8 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 5:29 p.m.32 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:29 p.m.13 views

CVE-2026-48948

CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 5:29 p.m.6 views

EUVD-2026-42061

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.6 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56221

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 9:41 a.m.3 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS6AI score0.00207EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:22 p.m.8 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS5.8AI score0.00129EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42794

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

5.8AI score0.00129EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/vf: Do not expose sysfs attributes that are not applicable to VFs. VFs cannot read the BMGPCIECAP0x138340 register, nor can they access the PCODE which is already guarded by the info.skippcode flag. Therefore, we should...

5.5AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 6:10 a.m.8 views

BIT-GITLAB-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 6:16 a.m.17 views

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS0.00199EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.8 views

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 5:36 a.m.7 views

CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 5:36 a.m.45 views

CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 5:36 a.m.13 views

EUVD-2026-30225

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder