Lucene search
K

8238 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
CVE
CVE
added 2 days ago6 views

CVE-2026-53962

Discourse (open‑source discussion platform) has an XSS vulnerability due to insufficient SVG sanitization in upload and avatar handling. Affected in versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The issue could be triggered by visiting specific URLs outside normal navigation; CVSS...

5.4CVSS5.8AI score0.00264EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS5.8AI score0.00264EPSS
Exploits0References10Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-45788

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS5.8AI score0.00466EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-45788

CVE-2026-45788 affects the open-source forum software Discourse . The issue: prior to 2026.6.0 , and also before 2026.5.1 , 2026.4.2 , and 2026.1.5 , secure uploads could be exposed via pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enab...

6.3CVSS5.8AI score0.00466EPSS
Exploits0References9
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-45788 Discourse: Secure uploads exposed by hotlinked image copying

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS0.00466EPSS
Exploits0References9
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-46413 Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS0.00366EPSS
Exploits0References9
CVE
CVE
added 2 days ago6 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-46413

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References8
NVD
NVD
added 2 days ago9 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS0.0033EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-55420

Discourse (open-source platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, in some non-default configurations, allowed processing of PDF uploads to lead to remote code execution on the server. The root cause is tied to how PDFs are processed under specific configurations, enab...

7.5CVSS5.9AI score0.0033EPSS
Exploits0References6
NVD
NVD
added 2 days ago6 views

CVE-2026-12406

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS0.00323EPSS
Exploits0References10
NVD
NVD
added 2 days ago8 views

CVE-2026-11571

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-11571

The CVE concerns the Everest Forms WordPress plugin prior to version 3.5.0. It does not reliably delete temporary CSV files created during email-notification processing, leaving them publicly accessible in the uploads directory. This enables unauthenticated attackers to retrieve other users’ form...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42508

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56995

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Secure uploads may be exposed through the pull hotlinked images function when the...

6.3CVSS6AI score0.00466EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56999

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Insufficient SVG sanitization during the handling of uploads and user avatars can...

5.4CVSS6AI score0.00264EPSS
Exploits0References12
CVE
CVE
added 3 days ago10 views

CVE-2026-8801

Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.

9.8CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder