13 matches found
CVE-2026-44010 Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...
EUVD-2026-19635
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
PT-2026-21528
Name of the Vulnerable Software and Affected Versions: versions prior to 2026. Description: An improper access control issue allows authenticated users to access areas outside of their authorized scope. Recommendations: At the moment, there is no information about a newer version that contains a fix...
GHSA-HC8F-M8G5-8362 File Browser: Command Execution not Limited to Scope
Summary: In the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command Execution feature of Filebrowser allows the execution of shell commands which are not restricted to the scope, potentially giving an attacker read and write acces...
CVE-2024-22021
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role Plan Author to retrieve plans from a Scope other than the one they are assigned to...
CVE-2023-38499 typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...
Information Disclosure due to Out-of-scope Site Resolution
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 3.5. Problem: In multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site b...
TYPO3 9.4.0 < 9.5.42 ELTS / 10.0.0 < 10.4.39 ELTS / 11.0.0 < 11.5.30 / 12.0.0 < 12.4.4 (TYPO3-CORE-SA-2023-003)
The version of TYPO3 installed on the remote host is prior to 9.4.0 < 9.5.42 ELTS / 10.0.0 < 10.4.39 ELTS / 11.0.0 < 11.5.30 / 12.0.0 < 12.4.4. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-003 advisory. - In multi-site scenarios, enumerating the HTTP query...
Linux kernel resource management error vulnerability (CNVD-2021-30592)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in versions of Linux kernel prior to 5.7, which stems from the KVM subsystem allowing out-of-scope access after deletion. No...
Linux kernel Resource Management Error Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in versions of Linux kernel prior to 5.7, which stems from the KVM subsystem allowing out-of-scope access after deletion. No...
Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-03578)
The Qualcomm MSM8996AU, among others, is a central processing unit (CPU) product of Qualcomm Incorporated USA. An input validation error vulnerability exists in WLAN Host in multiple Qualcomm products, which can be exploited by an attacker to gain out-of-scope access while processing firmware event...
Ubuntu Update for firefox USN-1951-1
Check for the Version of firefox. OpenVAS Vulnerability Test $Id: gbubuntuUSN19511.nasl 8542 2018-01-26 06:57:28Z teissa $ Ubuntu Update for firefox USN-1951-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...