Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59828

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS5.9AI score
Exploits0References10Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS5.8AI score
Exploits0References10Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-55424

CVE-2026-55424 – Discourse topic featured link stored XSS . Discourse (open-source discussion platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 allowed a mis-normalized/undescoped topic feature link to inject JavaScript when default Content Security Policy protections were mo...

7.4CVSS6AI score
Exploits0References9
NVD
NVD
added yesterday7 views

CVE-2026-59720

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42654

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS5.9AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-59720

Hoppscotch’s Mock API exposes private collection data due to a desync: mock-server.service.ts does not persist the isPublic input, while schema.prisma defaults isPublic to true, making mock servers linked to private collections publicly accessible without authentication. The vulnerability affects...

7.5CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added yesterday12 views

CVE-2026-59720 Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:18 p.m.4 views

PYSEC-2026-241

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54317

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS0.00193EPSS
Exploits1References1
OSV
OSV
added 2026/06/16 12:0 a.m.3 views

OPENSUSE-SU-2026:11043-1 python313-distributed-2026.6.0-1.1 on GA media

These are all security issues fixed in the python313-distributed-2026.6.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS8.3AI score0.02876EPSS
Exploits0References1
Rows per page
Query Builder