10 matches found
CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions prior to Kirby 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the ability to inject dynamic blueprint configurations during the creation of pages, files, and users, which may lead to...
CVE-2026-21896
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
EUVD-2024-2606
Malicious code in bioql PyPI...
CVE-2025-30159 Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the snippet helper or $kirby-snippet method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that onl...
PT-2025-20919 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.9.8.3 Kirby versions prior to 3.10.1.2 Kirby versions prior to 4.7.1 Description: A vulnerability in Kirby affects sites that use the collection helper or $kirby-collection method with a dynamic collection name,...
PT-2025-20912 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.9.8.3 Kirby versions prior to 3.10.1.2 Kirby versions prior to 4.7.1 Description: A vulnerability in Kirby affects setups that use PHP's built-in server, commonly used during local development. This issue allows...
Kirby has insufficient permission checks in the language settings
TL;DR This vulnerability affects all Kirby sites with enabled languages option that might have potential attackers in the group of authenticated Panel users. If you have disabled the languages and/or api option and don't call any methods in your code that cause a write access to languages languag...
Kirby 安全漏洞
Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby that stems from a configuration that does not disable Kirby's APIs and panels, and a user enumeration vulnerability that could affect all Kirby sites with user accounts. The following products and versio...
PT-2022-24897 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.2 Kirby versions prior to 3.6.6.2 Kirby versions prior to 3.7.5.1 Kirby versions prior to 3.8.1 Description: The issue affects Kirby sites with user accounts, unless the API and Panel are disabled in the config. ...