Lucene search
+L

345 matches found

NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33887

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

5.4CVSS0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:41 p.m.4 views

CVE-2026-33887

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/27 8:41 p.m.47 views

CVE-2026-33887

Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/27 8:41 p.m.30 views

CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

5.4CVSS0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 8:41 p.m.6 views

CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 8:41 p.m.3 views

CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 7:9 a.m.4 views

BIT-DISCOURSE-2026-27454 Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidden or if t...

5.3CVSS5.9AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2026/03/26 7:7 p.m.4 views

GHSA-4HP7-3WXG-CV9Q Statamic allows unauthorized content access through missing authorization in its revision controllers

Impact Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 7:7 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the revision controllers. An attacker can access entry revisions and view sensitive field values and blueprint data by bypassing authorization checks with authenticated Control Panel access. Users may also creat...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 7:7 p.m.8 views

Statamic allows unauthorized content access through missing authorization in its revision controllers

Impact Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...

5.4CVSS5.7AI score0.00142EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

9.3CVSS5.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.5 views

CVE-2026-27454

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.13 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.14 views

PT-2026-28554

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description Statamic is a Laravel and Git powered content management system CMS. Authenticated Control Panel users could view entry revisions for any collection with revisions...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15913

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

9.3CVSS5.9AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.5 views

CVE-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

9.3CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.13 views

CVE-2026-32539

CVE-2026-32539 affects PublishPress Revisions (revisionary) for WordPress, specifically

9.3CVSS5.9AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.1 views

CVE-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

5.9AI score0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

5.9AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.29 views

CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

9.3CVSS0.00248EPSS
Exploits0References1
Rows per page
Query Builder