Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-54005

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published...

7.1CVSS6AI score
Exploits0References6Affected Software1
CVE
CVE
added yesterday19 views

CVE-2026-54005

Kirby CMS has a vulnerability tracked as CVE-2026-54005 where the /api/site/find route does not check the pages.access permission. Prior to versions 4.9.4 and 5.4.4, authenticated users who know or guess page IDs or UUIDs could retrieve full page content and metadata for arbitrary published pages...

7.1CVSS6AI score
Exploits0References5
Snyk
Snyk
added 2026/06/18 3:5 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/site/find route. An attacker can access sensitive page information, including full content and metadata, by sending requests with known or guessed page IDs or UUIDs as an authenticated user. This is on...

7.1CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.12 views

Kirby: `pages.access` permission is not checked in the `site/find` REST API route

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, options in the model blueprints, or a combination of both settings. It was possible to...

7.1CVSS5.4AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50726

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Missing authorization in the content management system allows authenticated users to retrieve information for arbitrary published pages. By knowing or guessing page IDs or...

7.1CVSS6AI score
Exploits0References8
Rows per page
Query Builder