Количество 2
Количество 2
CVE-2026-24134
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
GHSA-8cw6-53m5-4932
StudioCMS has Authorization Bypass Through User-Controlled Key
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24134 StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue. | CVSS3: 6.5 | 0% Низкий | 12 дней назад |
| GHSA-8cw6-53m5-4932 StudioCMS has Authorization Bypass Through User-Controlled Key | CVSS3: 6.5 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу