Ezsystems/ezpublish-kernel
This hub aggregates every CVE we track for Ezsystems/ezpublish-kernel, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 3
- High: 1
- In CISA KEV: 0
Severity distribution
- CRITICAL: 3
- MEDIUM: 2
- LOW: 1
- HIGH: 1
Monthly trend
2024-07 to 2026-06: 0 in each of the 24 months shown.
Latest CVEs
The 7 most recently published vulnerabilities affecting Ezsystems/ezpublish-kernel.
- CVE-2022-48367 (score 9.8): An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
- CVE-2022-48366 (score 3.7): An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
- CVE-2022-48365 (score 7.2): An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
- CVE-2021-46875 (score 6.1): An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
- CVE-2021-46876 (score 5.3): An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
- CVE-2022-25337 (score 9.8): Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
- CVE-2020-10806 (score 9.8): eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to ...
Product normalization is registry-driven with AI assist and human review.