Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.9 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:31 p.m.3 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/24 5:31 p.m.24 views

CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27466

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References5
Rows per page
Query Builder