18 matches found
CVE-2026-8240
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
CVE-2026-28506
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-28506
CVE-2026-28506 affects Outline prior to 1.5.0. A logic flaw in the events.list API endpoint’s filtering lets any authenticated user retrieve activity events for documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user’s actual permissions. This resul...
CVE-2026-28506
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
EUVD-2026-12584
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-24901
Summary: CVE-2026-24901 affects Outline prior to 1.4.0, with an Insecure Direct Object Reference (IDOR) in the document restoration logic. This allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users (including administrators) by bypa...
CVE-2026-24901 Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
CVE-2026-24901 Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
WordPress plugin Greenshift – animation and page builder blocks security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2025-51081
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback get json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
CVE-2024-10782
The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
PT-2024-16556 · WordPress · Full Screen Menu For Elementor
Name of the Vulnerable Software and Affected Versions: Full Screen Menu for Elementor plugin for WordPress versions up to, and including, 1.0.7 Description: The Full Screen Menu for Elementor plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts ca...
PT-2024-16471 · WordPress · Futurio Extra
Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.13 Description: The issue concerns Information Exposure via the elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows...
CVE-2024-10770
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-28007 · NATO · NATO NCI ANET
Name of the Vulnerable Software and Affected Versions: NATO NCI ANET version 3.4.1 Description: The issue allows for Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user. Recommendations: For NATO NCI ANET version 3.4.1...