CVE-2026-27745

The CVE-2026-27745 entry concerns the SPIP plugin interface_traduction_objets, affected when using versions prior to 4.3.3. An authenticated attacker with editor-level privileges can exploit an authenticated RCE vulnerability by injecting crafted content into a hidden form field populated with un...

CVE-2026-27747

The CVE concerns the SPIP plugin interface_traduction_objets (versions prior to 4.3.3). The vulnerability is an authenticated SQL injection in interface_traduction_objets_pipelines.php: the plugin reads the id_parent parameter from user input and directly concatenates it into a SQL WHERE clause i...