| CVE-2026-44199 | medium | 6.5 | 6.5 | | | | 23d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav… |
| CVE-2026-44197 | medium | 6.5 | 6.5 | | | | 23d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis… |
| CVE-2026-44200 | medium | 6.5 | 6.5 | | | | 26d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of … |
| CVE-2026-44201 | medium | 5.3 | 5.3 | | | | 23d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t… |
| CVE-2026-44198 | medium | 4.3 | 4.3 | | | | 23d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, … |
| CVE-2026-28223 | unknown | — | — | | | | 3mo ago | Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface |
| CVE-2026-28222 | unknown | — | — | | | | 3mo ago | Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes |
| CVE-2026-25517 | unknown | — | — | | | | 4mo ago | Wagtail has improper permission handling on admin preview endpoints |
| CVE-2024-39317 | unknown | — | — | | | | 2y ago | Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to par… |
| CVE-2024-35228 | unknown | — | — | | | | 2y ago | Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` |
| CVE-2024-32882 | unknown | — | — | | | | 2y ago | Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` |
| CVE-2023-45809 | unknown | — | — | | | | 3y ago | Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles… |
| CVE-2023-28837 | unknown | — | — | | | | 3y ago | Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both… |
| CVE-2023-28836 | unknown | — | — | | | | 3y ago | Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAd… |
| CVE-2022-21683 | unknown | — | — | | | | 4y ago | Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have rep… |
| CVE-2021-32681 | unknown | — | — | | | | 5y ago | Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the … |
| CVE-2021-29434 | unknown | — | — | | | | 5y ago | Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensu… |
| CVE-2020-15118 | unknown | — | — | | | | 6y ago | In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard … |
| CVE-2020-11037 | unknown | — | — | | | | 6y ago | In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password … |
| CVE-2020-11001 | unknown | — | — | | | | 6y ago | In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission… |