| CVE-2026-42069 |
medium |
6.5 |
6.5 |
|
|
|
1mo ago |
Kirby CMS's read access to site, user and role information is not gated by permissions |
| CVE-2026-42137 |
medium |
6.5 |
6.5 |
|
|
|
1mo ago |
Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API |
| CVE-2017-16807 |
medium |
5.4 |
6.4 |
|
|
|
9y ago |
Kirby XSS Vulnerability |
| CVE-2026-45334 |
medium |
— |
5.5 |
|
|
|
8d ago |
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions |
| CVE-2026-44176 |
medium |
— |
5.5 |
|
|
|
9d ago |
Kirby CMS's `pages.access` permission is not checked during rendering of page drafts |
| CVE-2026-29905 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload |
| CVE-2026-42051 |
medium |
4.3 |
4.3 |
|
|
|
1mo ago |
Kirby CMS's system API endpoint leaks installed version and license data to authenticated users |
| CVE-2026-42174 |
medium |
4.3 |
4.3 |
|
|
|
1mo ago |
Kirby CMS doesn't gate user avatar creation, replacement and deletion with user update permissions |
