GHSA-QCMW-6RM2-5X78 TYPO3 CMS has Broken Access Control in its DataHandler
Problem: Backend users were able to move records to a different page without having edit permissions on the source page.
Solution: Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described.
Credits: TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...
CVE-2026-53740
creationtimestamp| type| source
---|---|---
2026-06-10 23:17:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxtu746tt23...
CVE-2026-53439
creationtimestamp| type| source
---|---|---
2026-06-10 15:07:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwyduf4sh2r
2026-06-16 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/jenkins-multiple-vulnerabilities20260617...
CVE-2026-47350
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47350
Technical details about CVE-2026-47350 are not publicly available in the provided documents. Monitor for updates.
PT-2026-47743
Name of the Vulnerable Software and Affected Versions:
TYPO3 CMS versions 13.0.0 through 13.4.31
TYPO3 CMS versions 14.0.0 through 14.3.3
Description: Backend users can move records to a different page even if they lack the necessary edit permissions on the source page.
Recommendations: Update TYPO3...
CVE-2026-10544
creationtimestamp| type| source
---|---|---
2026-06-08 20:42:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnsk4qi4ed2p...
CVE-2026-11065
creationtimestamp| type| source
---|---|---
2026-06-05 13:24:01+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918
2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608
2026-06-09 18:00:00+00:00| seen|...
CVE-2026-44200 Wagtail: Improper permission handling when copying pages
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it...
CVE-2026-44200
CVE-2026-44200 Overview (Wagtail): Wagtail (Django-based CMS) had a permission flaw where a user with limited access to pages could copy a page they cannot access to a location they can, then view its contents and potentially publish it. The root cause was that source-page permissions were not e...
CVE-2026-44694
creationtimestamp| type| source
---|---|---
2026-05-08 23:01:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mletkureqe2q
2026-06-15 17:02:31+00:00| seen| MISP/d511a704-eba2-411a-9543-41e0e130f522...
GHSA-67RV-MG8Q-5PF3 Wagtail has improper permission handling when copying pages
Impact: A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page.
Patche...
CVE-2026-44573
creationtimestamp| type| source
---|---|---
2026-05-08 12:09:44+00:00| seen| https://www.acn.gov.it/portale/w/next.js-aggiornamenti-di-sicurezza-1
2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107
2026-06-05 13:43:59+00:00| seen|...
CVE-2026-5670
creationtimestamp| type| source
---|---|---
2026-04-06 18:48:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mitwivu5rp2o...
CVE-2019-25692
creationtimestamp| type| source
---|---|---
2026-04-05 23:44:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mirwkr75jm2z...
CVE-2026-5027
creationtimestamp| type| source
---|---|---
2026-03-27 17:23:12+00:00| published-proof-of-concept| Telegram/kHfLfkapUcGKUVgufiQubAbscQMrKjcom26lkyfAO4Fyc
2026-03-27 18:20:00+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116302518672297608
2026-03-27 23:00:43+00:00| seen|...