6 matches found

RedhatCVE
added 2026/06/05 7:26 p.m. | 9 views

CVE-2026-39857

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

CVSS 5.3 | AI score 5.6 | EPSS 0.00435
Exploits: 1 | References: 1
EUVD
added 2026/04/16 8:42 p.m. | 7 views

EUVD-2026-23102

ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API...

CVSS 5.3 | AI score 5.8 | EPSS 0.00512
Exploits: 1 | References: 4
NVD
added 2026/04/15 8:16 p.m. | 5 views

CVE-2026-39857

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

CVSS 5.3 | EPSS 0.00435
Exploits: 1 | References: 2
CVE
added 2026/04/15 7:38 p.m. | 13 views

CVE-2026-39857

CVE-2026-39857 – ApostropheCMS (Node.js): Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...

CVSS 5.3 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/15 7:25 p.m. | 3 views

CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...

CVSS 5.3 | AI score 5.7 | EPSS 0.00512
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/15 12:0 a.m. | 7 views

PT-2026-33173

Name of the Vulnerable Software and Affected Versions: ApostropheCMS versions prior to 4.29.0. Description: An authorization bypass exists in the REST API of this open-source Node.js content management system. Unauthenticated attackers can extract all distinct field values for any schema field type...

CVSS 5.3 | AI score 5.3 | EPSS 0.00435
Exploits: 1 | References: 7