4 matches found
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
GHSA-X597-9FR4-5857 Hugo's Node tool execution allows file system access outside the project directory
Impact When building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...
UBUNTU-CVE-2024-37147
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...