Lucene search
K

6 matches found

NVD
NVD
added 5 days ago13 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/31 11:2 p.m.7 views

Arbitrary Code Injection

Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious...

9.8CVSS7.5AI score0.2241EPSS
Exploits3References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.8 views

Arbitrary Code Injection

Overview lodash.template is a The Lodash method .template exported as a Node.js module. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilatio...

9.8CVSS7.5AI score0.2241EPSS
Exploits3References2
Snyk
Snyk
added 2025/12/31 10:40 p.m.6 views

Improper Validation of Specified Quantity in Input

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via improper validation in the handleNormalTransaction...

7.1CVSS6.8AI score0.0036EPSS
Exploits0References2
Rows per page
Query Builder