283 matches found
CVE-2026-49274
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page...
CVE-2026-49274
CVE-2026-49274 affects Kirby CMS prior to versions 4.9.4 and 5.4.4. When the pages field is used and a role has pages.access disabled, authenticated users could supply an inaccessible parent page or site to the page picker backend, enabling confirmation of page existence and retrieval of title fi...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...
EUVD-2026-42061
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
PT-2026-56221
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...
CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2026-9248
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...
PT-2026-42794
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/vf: Do not expose sysfs attributes that are not applicable to VFs. VFs cannot read the BMGPCIECAP0x138340 register, nor can they access the PCODE which is already guarded by the info.skippcode flag. Therefore, we should...
BIT-GITLAB-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
EUVD-2026-30225
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...