Lucene search
K

127 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-29179

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS5.5AI score0.00144EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/21 6:31 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the asset and blueprint file operations in the CMS and Tailor editor extensions. An attacker can gain unauthorized access to perform file operations such as create, delete, rename, move, or upload on theme...

3.3CVSS5.8AI score0.00144EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 5:16 p.m.17 views

CVE-2026-29179

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 5:15 p.m.8 views

EUVD-2026-24159

October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations...

3.3CVSS5.7AI score0.00144EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 5:15 p.m.10 views

October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access but had editor.cmsassets or editor.tailorblueprints specifically withheld, an uncommon...

3.3CVSS5.7AI score0.00144EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/21 4:19 p.m.42 views

CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS0.00144EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:19 p.m.3 views

CVE-2026-29179

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34005

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.16 October versions prior to 4.1.16 Description Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This allows backend users who...

3.3CVSS5.8AI score0.00144EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23655

Malware in sbrugna...

8.8CVSS8.7AI score0.00997EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23650

Malware in sbrugna...

8.8CVSS8.7AI score0.01378EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-27444

Malware in sbrugna...

6.1CVSS6.3AI score0.00641EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23651

Malware in sbrugna...

8.8CVSS8.6AI score0.01349EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-23649

Malware in sbrugna...

8.8CVSS8.6AI score0.01405EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-23652

Malware in sbrugna...

8.8CVSS8.7AI score0.01378EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26143

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-18948 Malicious code in dt-oneagent-tailor (npm)

The package dt-oneagent-tailor was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in dt-oneagent-tailor (npm)

The package dt-oneagent-tailor was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:54 a.m.5 views

CVE-2024-29104

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10...

6.5CVSS8.6AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 p.m.5 views

CVE-2021-40260

Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester Tailor Management 1.0 via the 1 eid parameter in a partedit.php and b customeredit.php, the 2 id parameter in a editmeasurement.php and b addpayment.php, and the 3 error parameter in index.php...

6.1CVSS6.3AI score0.00641EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.12 views

CVE-2020-36072

SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter...

8.8CVSS8.6AI score0.01378EPSS
Exploits1
Rows per page
Query Builder