CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

BIT-NODE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...