14 matches found
EUVD-2026-38179
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
CVE-2026-33160
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...
CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
CVE-2026-33158
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...
Authorization Bypass Through User-Controlled Key
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the assets/edit-image endpoint when processing the assetId parameter. An attacker can access unauthorized private asset contents by supplyi...
CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
CVE-2025-61906
Opencast versions prior to 17.8 and 18.2 have a flaw where the editor may publish a video without notifying the user, potentially exposing internal media. The vulnerability requires a user with write access to an event who uses the editor and first clicks Save & Publish, then Save. Impact is desc...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition EE that originates from an attacker being able to perform sensitive keyword searches. The following products and versions are affected:...
PT-2025-15979 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive...
Microsoft Visual Studio和Microsoft .NET 安全漏洞
Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...
Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities
Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...
Microsoft .NET Security Vulnerabilities
Microsoft .NET is a software framework from Microsoft Corporation that is dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A security vulnerability exists in Microsoft . NET 6.0, .NET 7.0, .NET 8.0, Microsoft Visual Studio 2022...
Exploit for Code Injection in Microsoft
CVEAssessments012020 CVE-2017-8759 Update DVR Examiner...