33 matches found

CVE
added 2 days ago, 6 views

CVE-2026-54262

Wagtail’s CVE-2026-54262 affects the translation feature. In versions before 7.0.8, 7.3.3, and 7.4.2, a user with the can submit translation permission could create translations for any page, including pages they lack access to. The root cause is described as a permission/authorization issue rela...

CVSS 4.3, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/06/09 10:52 a.m., 31 views

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVSS 5.3, EPSS 0.00238
Exploits: 0, References: 3

Vulnrichment
added 2026/06/09 10:52 a.m., 9 views

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVSS 5.3, AI score 5.5, EPSS 0.00238
Exploits: 0, References: 3

CVE
added 2026/05/11 2:41 p.m., 22 views

CVE-2026-44200

CVE-2026-44200 Overview (Wagtail): Wagtail (Django-based CMS) had a permission flaw where a user with limited access to pages could copy a page they cannot access to a location they can, then view its contents and potentially publish it. The root cause was that source-page permissions were not e...

CVSS 6.5, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/04/24 1:16 a.m., 6 views

CVE-2026-40099

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

CVSS 6.5, EPSS 0.00275
Exploits: 0, References: 3

EUVD
added 2026/04/24 12:34 a.m., 7 views

EUVD-2026-25370

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

CVSS 5.3, AI score 5.2, EPSS 0.00275
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/16 12:00 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001576 advisory. arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection...

CVSS 5.5, AI score 6.5, EPSS 0.00469
Exploits: 1, References: 4

Vulnrichment
added 2025/11/19 5:41 p.m., 3 views

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVSS 6.8, AI score 6.4, EPSS 0.00252
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-24909

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.0021
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-8823

Malware in sbrugna...

CVSS 9.3, AI score 7.1, EPSS 0.00833
Exploits: 0, References: 7

OSV
added 2023/07/19 10:11 p.m., 19 views

GHSA-9436-3GMP-4F53 grav Server-side Template Injection (SSTI) mitigation bypass

Summary: The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value from isDangerousFunction, which allows to execute the payload prepending double backslash \ Details: The isDangerousFunction check in...

CVSS 7.2, AI score 8, EPSS 0.02259
Exploits: 1, References: 5

Positive Technologies
added 2023/06/14 12:00 a.m., 10 views

PT-2023-24777 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42 Description: The issue concerns a flat-file content management system where the denylist, introduced to prevent the execution of dangerous functions via malicious template injection, was insufficient. This allowe...

CVSS 8.8, AI score 7.7, EPSS 0.02074
Exploits: 1, References: 13

CNNVD
added 2023/02/17 12:00 a.m., 6 views

Moodle security vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from an insufficient restriction of start page preferences, which can be exploite...

CVSS 8.2, AI score 6.3, EPSS 0.00957
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:10 a.m., 6 views

SUSE CVE-2015-8967

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...

CVSS 9.3, AI score 6.9, EPSS 0.00833
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:38 a.m., 3 views

SUSE CVE-2021-38198

arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault...

CVSS 7.8, AI score 6.4, EPSS 0.00469
Exploits: 1, References: 38

CNNVD
added 2021/08/20 12:00 a.m., 7 views

TotoLink A702r security vulnerability

TOTOLINK A702r is a router device from China-based Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A702r, which stems from the product's login page that does not add effective permission control for directory access. An attacker can access the /add/, /img/, /js/, /mobile...

CVSS 5.3, AI score 5.6, EPSS 0.00815
Exploits: 1, References: 2

CNNVD
added 2021/08/08 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a failure to properly access permissions flaw in the shadow page in arch/x86/kvm/mmu/paging_tmpl.h. By sending a build request, a local attacker could exploit this flaw t...

CVSS 5.5, AI score 6.6, EPSS 0.00469
Exploits: 1, References: 22

OSV
added 2021/08/05 8:15 p.m., 2 views

UBUNTU-CVE-2021-29971

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 90...

CVSS 9.8, AI score 7.3, EPSS 0.01022
Exploits: 0, References: 3

Cvelist
added 2020/12/09 4:20 p.m., 17 views

CVE-2020-26260 Server Side Request Forgery in BookStack

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

CVSS 6.4, AI score 6.2, EPSS 0.00827
Exploits: 0, References: 3

Cvelist
added 2020/11/03 9:00 p.m., 29 views

CVE-2020-26211 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVSS 7.7, AI score 8.5, EPSS 0.01083
Exploits: 0, References: 4