CVE-2026-32870 - Kirby has XML injection in its XML creator toolkit
CVE ID :CVE-2026-32870 Published : April 24, 2026, 1:16 a.m. | 35 minutes ago Description :Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `` blocks. If the input value is already valid `CDATA`, it is not escaped a second time but allow
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Fixing the Exploit Didn’t Fix the System: An Exploration of Trust Boundaries
- [CYBER] The Mythos "breach" breakdown — no zero-day needed, just a supply chain failure and a leaked URL convention. Here's the full attack chain.
- [CYBER] Hack The Box - Snapped Writeup
- [CYBER] Aave Leads DeFi United to Restore rsETH Backing After KelpDAO Exploit - Cryptonews.net
- [CYBER] Fake app drains Filipino retiree’s life savings via ‘malware-as-a-service’
- [CYBER] I Built a Security Scanner That Audits PDFs Before You Send Them. Here's How. [Devlog #10]