17 matches found
EUVD-2026-14944
Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...
CVE-2026-33162 Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions
Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...
CVE-2026-33160
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...
Missing Authorization
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the actionMoveToSection process. An attacker can perform unauthorized content changes by sending crafted POST requests to the affected endpoint, allowing them to move...
Missing Authorization
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the assets/generate-transform endpoint. An attacker can access content derived from private assets by submitting requests with arbitrary asset references, as the...
PT-2026-27465
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...
Craft CMS Security Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.14 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow unauthorized cross-block movement of entries...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.14
Logging for Red Hat OpenShift - 5.9.14. logging-loki-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)...
CVE-2024-41655
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
CVE-2024-41655
CVE-2024-41655 affects the tf2-item-format library. Versions from at least 4.2.6 up to 5.9.13 are vulnerable to a Regular Expression Denial of Service (ReDoS) when parsing crafted user input, allowing DoS of services that use this library. Version 5.9.14 contains a fix. Upgrading to 5.9.14 or app...
CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
(ReDoS) Regular Expression Denial of Service in tf2-item-format
Summary: Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. Tested versions: 5.9.13, 5.8.10, 5.7.0, 5.6.17, 4.3.5, 4.2.6. v5: Upgrade package to ^5.9.14. v4: No patch exists. Please consult the v...
CVE-2024-3333
CVE-2024-3333 affects Essential Addons for Elementor (WordPress). It is a Stored XSS via widget URL attributes in versions up to 5.9.14, exploitable by authenticated attackers with contributor-level access or higher; scripts run when users visit injected pages. CVSS v3.1 base score 6.4 (AV:N/AC:L...
WordPress Plugin Essential Addons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
[SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33
The kernel meta package...
[SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32
The kernel meta package...