127 matches found
CVE-2026-29179
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the asset and blueprint file operations in the CMS and Tailor editor extensions. An attacker can gain unauthorized access to perform file operations such as create, delete, rename, move, or upload on theme...
CVE-2026-29179
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
EUVD-2026-24159
October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations...
October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access but had editor.cmsassets or editor.tailorblueprints specifically withheld, an uncommon...
CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
CVE-2026-29179
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
PT-2026-34005
Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.16 October versions prior to 4.1.16 Description Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This allows backend users who...
EUVD-2020-23655
Malware in sbrugna...
EUVD-2020-23650
Malware in sbrugna...
EUVD-2021-27444
Malware in sbrugna...
EUVD-2020-23651
Malware in sbrugna...
EUVD-2020-23649
Malware in sbrugna...
EUVD-2020-23652
Malware in sbrugna...
EUVD-2024-26143
Malicious code in bioql PyPI...
MAL-2025-18948 Malicious code in dt-oneagent-tailor (npm)
The package dt-oneagent-tailor was found to contain malicious code...
Malicious code in dt-oneagent-tailor (npm)
The package dt-oneagent-tailor was found to contain malicious code...
CVE-2024-29104
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10...
CVE-2021-40260
Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester Tailor Management 1.0 via the 1 eid parameter in a partedit.php and b customeredit.php, the 2 id parameter in a editmeasurement.php and b addpayment.php, and the 3 error parameter in index.php...
CVE-2020-36072
SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter...