Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/05/09 3:35 a.m.48 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions prior to Kirby 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the ability to inject dynamic blueprint configurations during the creation of pages, files, and users, which may lead to...

8.8CVSS5.8AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 6:15 p.m.5 views

CVE-2026-21896

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...

5.8CVSS0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2606

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00405EPSS
Exploits0References15
Cvelist
Cvelist
added 2025/05/13 3:7 p.m.39 views

CVE-2025-30159 Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the snippet helper or $kirby-snippet method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that onl...

6.3CVSS0.00577EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-20919 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.9.8.3 Kirby versions prior to 3.10.1.2 Kirby versions prior to 4.7.1 Description: A vulnerability in Kirby affects sites that use the collection helper or $kirby-collection method with a dynamic collection name,...

6.3CVSS6.4AI score0.00477EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.5 views

PT-2025-20912 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.9.8.3 Kirby versions prior to 3.10.1.2 Kirby versions prior to 4.7.1 Description: A vulnerability in Kirby affects setups that use PHP's built-in server, commonly used during local development. This issue allows...

2.3CVSS6.2AI score0.00475EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/08/29 5:55 p.m.24 views

Kirby has insufficient permission checks in the language settings

TL;DR This vulnerability affects all Kirby sites with enabled languages option that might have potential attackers in the group of authenticated Panel users. If you have disabled the languages and/or api option and don't call any methods in your code that cause a write access to languages languag...

8.1CVSS6.4AI score0.00405EPSS
Exploits0References15Affected Software1
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.4 views

Kirby 安全漏洞

Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby that stems from a configuration that does not disable Kirby's APIs and panels, and a user enumeration vulnerability that could affect all Kirby sites with user accounts. The following products and versio...

6.5CVSS6AI score0.00585EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.6 views

PT-2022-24897 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.2 Kirby versions prior to 3.6.6.2 Kirby versions prior to 3.7.5.1 Kirby versions prior to 3.8.1 Description: The issue affects Kirby sites with user accounts, unless the API and Panel are disabled in the config. ...

6.5CVSS5.4AI score0.00585EPSS
Exploits0References10
Rows per page
Query Builder