28 matches found
CVE-2026-42174
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
Kirby security vulnerability
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...
PT-2026-37168
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0. Description: Missing authorization in the content management system allows authenticated users to create, replace, or delete user avatars even when they lack the necessary permissions ...
PT-2026-33801
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manage users permission check for self-updates, enabling privile...
CVE-2026-21896 Kirby is missing permission checks in the content changes API
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
CVE-2025-36192
IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...
CVE-2025-36192
CVE-2025-36192 affects IBM System Storage DS8000 family (DS8A00 with R10.0–R10.1 and DS8900F with R9.4). The root cause is missing authorization in Safeguarded Copy / GDPS logical corruption protection, enabling a local user with authorized CCW update permissions to delete or corrupt backups. IBM...
EUVD-2008-5968
Malware in sbrugna...
CVE-2024-58260
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts...
CVE-2024-58260 Rancher update on users can deny the service to the admin
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts...
CVE-2024-58260
CVE-2024-58260 affects Rancher (Rancher Manager) via missing server-side validation on the .username field, enabling users with update permissions on other User resources to cause denial of access for targeted accounts. Connected documents map this to Rancher/Rancher components and multiple affec...
PT-2025-39663
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.12.2; Rancher versions prior to 2.11.6; Rancher versions prior to 2.10.10; Rancher versions prior to 2.9.12. Description: A missing server-side validation on the .username field in Rancher allows users with update...
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...
CVE-2022-36031
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
GitLab 12.8 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13266)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions CVE-2020-13266 Note...
BIT-GITLAB-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...