Vulnerabilities

Report: - Kirby: User avatar creation, replacement and deletion are not gated by user upda... CVE-2026-42174

2026-05-09 0 views admin

CVE ID :CVE-2026-42174 Published : May 9, 2026, 4:16 a.m. | 1 hour, 28 minutes ago Description :Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-42174

Severity

MEDIUM

Published

May 9, 2026

🏷️ Tags

reportkirbyavatarcreationreplacementdeletiongated42174cverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: - Kirby: User avatar creation, replacement and deletion are not gated by user upda... CVE-2026-42174

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Update: CVE-2026-42310 - Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Report: Latest: CVE-2026-42311 - Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Report: Breaking: CVE-2026-42560 - auth: Patreon provider assigns the same local user ID to every authenticated Pat...

Report: CVE-2026-41311 - LiquidJS is vulnerable to Denial of Service via circular block reference in layout

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting