3 matches found
CVE-2026-32106
creationtimestamp | type | source
---|---|---
2026-03-11 14:50:41+00:00 | published-proof-of-concept | https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q...
PT-2026-24821
Summary: The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account (id !== userData.user.id). Any authenticated visitor...
Incorrect Authorization
Overview: @withstudiocms/api-spec is an API Specification for StudioCMS. Affected versions of this package are vulnerable to Incorrect Authorization through the api-tokens endpoint, which allows an authenticated user with editor privileges or higher to generate API tokens for any user by specifying...