345 matches found
CVE-2026-33887
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887
Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
BIT-DISCOURSE-2026-27454 Discourse has check revision visibility on posts endpoint
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidden or if t...
GHSA-4HP7-3WXG-CV9Q Statamic allows unauthorized content access through missing authorization in its revision controllers
Impact Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the revision controllers. An attacker can access entry revisions and view sensitive field values and blueprint data by bypassing authorization checks with authenticated Control Panel access. Users may also creat...
Statamic allows unauthorized content access through missing authorization in its revision controllers
Impact Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...
CVE-2026-32539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...
CVE-2026-27454
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
PT-2026-28554
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description Statamic is a Laravel and Git powered content management system CMS. Authenticated Control Panel users could view entry revisions for any collection with revisions...
EUVD-2026-15913
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...
CVE-2026-32539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...
CVE-2026-32539
CVE-2026-32539 affects PublishPress Revisions (revisionary) for WordPress, specifically
CVE-2026-32539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...
CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...
CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...