Lucene search
K

14 matches found

EUVD
EUVD
added 2026/06/21 1:27 p.m.9 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 6:16 p.m.3 views

CVE-2026-33160

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...

6.9CVSS0.00355EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 5:28 p.m.6 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:26 p.m.2 views

CVE-2026-33158

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/24 4:53 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the assets/edit-image endpoint when processing the assetId parameter. An attacker can access unauthorized private asset contents by supplyi...

7.1CVSS5.9AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/08 6:6 p.m.9 views

CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

2.3CVSS0.00274EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/08 6:6 p.m.3 views

CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

2.3CVSS6.4AI score0.00274EPSS
Exploits1References3
CVE
CVE
added 2025/10/08 6:6 p.m.14 views

CVE-2025-61906

Opencast versions prior to 17.8 and 18.2 have a flaw where the editor may publish a video without notifying the user, potentially exposing internal media. The vulnerability requires a user with write access to an event who uses the editor and first clicks Save & Publish, then Save. Impact is desc...

4.3CVSS6.4AI score0.00274EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.4 views

GitLab Enterprise Edition(EE) 安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition EE that originates from an attacker being able to perform sensitive keyword searches. The following products and versions are affected:...

7.5CVSS6.3AI score0.00317EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.7 views

PT-2025-15979 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive...

7.5CVSS5.9AI score0.00317EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.8 views

Microsoft Visual Studio和Microsoft .NET 安全漏洞

Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...

7.5CVSS7.4AI score0.02701EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities

Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...

8.1CVSS6.8AI score0.02587EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.3 views

Microsoft .NET Security Vulnerabilities

Microsoft .NET is a software framework from Microsoft Corporation that is dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A security vulnerability exists in Microsoft . NET 6.0, .NET 7.0, .NET 8.0, Microsoft Visual Studio 2022...

7.5CVSS6.5AI score0.02707EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2020/02/25 11:10 p.m.21 views

Exploit for Code Injection in Microsoft

CVEAssessments012020 CVE-2017-8759 Update DVR Examiner...

9.3CVSS6.4AI score0.88698EPSS
Exploits14
Rows per page
Query Builder