
9 matches found

ATTACKERKB
added 2026/04/24 12:23 a.m., 2 views

CVE-2026-34587

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...

CVSS: 7.6 | AI score: 5.6 | EPSS: 0.00033
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/04/24 12:0 a.m., 4 views

Kirby Security Vulnerability

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00028
Exploits: 0 | References: 2
CNNVD
added 2026/04/24 12:0 a.m., 2 views

Kirby Security Vulnerability

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00033
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/23 12:0 a.m., 3 views

PT-2026-34817

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0. Description: An authorization bypass allows authenticated users to perform actions beyond their configured permissions, leading to privilege escalation. In the REST API, the isDraft fl...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00028
Exploits: 0 | References: 9
CNVD
added 2025/09/08 12:0 a.m., 2 views

appRain CMF SQL Injection Vulnerability (CNVD-2025-21133)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00061
Exploits: 0 | References: 1
NVD
added 2025/09/04 12:15 p.m., 3 views

CVE-2025-41044

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...

CVSS: 5.4 | EPSS: 0.0004
Exploits: 0 | References: 1
OSV
added 2025/09/04 11:15 a.m., 1 views

CVE-2025-41033

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00061
Exploits: 0 | References: 1
CVE
added 2025/09/04 11:6 a.m., 5 views

CVE-2025-41034

Summary: CVE-2025-41034 concerns an SQL injection in appRain CMF 4.0.5. The vulnerability arises from lack of validation of the input in the parameter data[Page][name] used by the /apprain/page/manage-static-pages/create/ endpoint. Impact (as stated): an attacker can retrieve, create, update, and...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00061
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/09/04 12:0 a.m., 2 views

appRain CMF Cross-Site Scripting Vulnerability

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.0004
Exploits: 0 | References: 1