368880 matches found
CVE-2026-50143
Technical details are not publicly available in the provided documents for CVE-2026-50143. The description indicates a reserved placeholder; monitor for updates and published specifics once available.
CVE-2026-50139
Technical details for CVE-2026-50139 are not publicly available in the provided documents. No affected products, vectors, or remediation are listed. Monitor for updates as new information is published.
CVE-2026-55793
Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...
CVE-2026-50138
Technical details for CVE-2026-50138 are not provided in the supplied documents. This CVE entry is reserved/placeholder with no public details. Monitor for updates as information becomes available.
CVE-2026-53712
Technical details for CVE-2026-53712 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50163
Technical details for CVE-2026-50163 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.
CVE-2026-50162
Technical details for CVE-2026-50162 are not publicly available in the provided documents. No affected products, impact, or remediation are specified. Monitor for updates and referenced details when the candidate is enriched.
CVE-2026-50151
Technical details are not publicly available in the provided documents. Monitor for updates as the CVE-2026-50151 entry is reserved with no disclosed components or impact.
CVE-2026-54712
OpenTelemetry Java Instrumentation prior to 2.27.0 is affected. The issue resides in the RMI context propagation payload reader, which limits the number of context entries but does not limit the aggregate size of strings read, allowing an attacker who can reach a network-reachable RMI endpoint to...
CVE-2026-54704
OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...
CVE-2026-54263
Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,
CVE-2026-54262
Wagtail’s CVE-2026-54262 affects the translation feature. In versions before 7.0.8, 7.3.3, and 7.4.2, a user with the can submit translation permission could create translations for any page, including pages they lack access to. The root cause is described as a permission/authorization issue rela...
CVE-2026-54261
Wagtail (Django-based CMS) has a permission-check flaw in the image preview endpoint. In versions prior to 7.0.8, 7.3.3, and 7.4.2, a user with admin access could preview any image due to a missing permission check; this does not expose the image data itself to ordinary site visitors. The issue h...
CVE-2026-54259
Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and
CVE-2026-54260
CVE-2026-54260 affects Wagtail (Django-based CMS). In versions prior to 7.0.8, 7.3.3, and 7.4.2, an authenticated admin user can trigger expensive rendition processing via crafted filter specs in the image preview, leading to potential service degradation. This is not exploitable by anonymous vis...
CVE-2026-48978
Technical details for CVE-2026-48978 are not publicly available in the provided documents; no affected products, root cause, or remediation are described. Monitor for updates.
CVE-2026-14340
GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...
CVE-2026-54720
Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...
CVE-2026-55660
CVE-2026-55660 : TinaCMS and Tinacms app prior to versions 2.5.6 / 3.9.3 allow cross-origin postMessage abuse due to window message listeners that do not validate event.origin/source and post to non-specific origins, combined with insufficient URL sanitization in rich-text content. This enables s...
CVE-2026-45710
Technical details for CVE-2026-45710 are not publicly available in the provided documents. Monitor for updates.