|
181
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44201
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of …
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44200
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44199
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44198
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44197
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without…
New
|
CWE-20
CWE-862
Improper Input Validation
Missing Authorization
|
CVE-2026-42613
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
8.5 |
HIGH
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42612
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
8.9 |
HIGH
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS can further be escalated t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42611
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
8.1 |
HIGH
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existi…
New
|
CWE-269
CWE-285
CWE-639
CWE-837
Improper Privilege Management
Improper Authorization
Authorization Bypass Through User-Controlled Key
Improper Enforcement of a Single, Unique Action
|
CVE-2026-42609
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file throug…
New
|
CWE-94
Code Injection
|
CVE-2026-42607
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
