9907 matches found
Malicious code in ty-web-session (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f6d0a640d7d4323f1ef52969a6a259b9b6e3bacc2bf65f514cd618a00945a9 The package ty-web-session was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-30891
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...
CVE-2026-30891
Summary of CVE-2026-30891: Discourse (open-source discussion platform) is affected in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where a user could access another user’s private activity due to insufficient authorization checks in the user actions endpoint. The affected release...
EUVD-2026-13492
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...
PT-2026-26541
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Insufficient authorization checks in the user actions API...
Discourse information disclosure vulnerability
Discourse is an open-source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...
CVE-2026-32865
creationtimestamp| type| source
---|---|---
2026-03-19 18:43:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhgnstm2xy2y
2026-03-19 18:53:27+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhgoeqmnhz2h
2026-03-19 19:47:25+00:00| seen|...
MAL-2026-1584 Malicious code in wn-idv-persona-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77973c6ca0ba60bf7105d4250b88b0fd7b3304dd3fe9ead1072912d8e724b21f The package wn-idv-persona-client was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in whatnot-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e7124b844cb92c573d57e94d1060a58445a82d03984c430e1632807fda9d227 The package whatnot-web was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1582 Malicious code in whatnot-manifests (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0504ddd24de9ec3870bb8fc657436f5a61e3f6327f0e044bc380bfe3479d40 The package whatnot-manifests was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in browser-gaming-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6192938bfd5be1cecf133866c6e290b57293bede88ca5b11d8af9aab40bae003 The package browser-gaming-client was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
CVE-2022-49125
creationtimestamp| type| source
---|---|---
2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
Custom certificate activity security vulnerability
Custom Certificate Activity is a dynamically generated and customizable PDF certificate plugin developed by Mark Nelson as an individual developer. Versions of Custom Certificate Activity prior to 4.4.9 and 5.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the...
CVE-2026-28506
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
Countering Current Geopolitical Cyber Threats With Qualys
Summary: In response to the latest public sector threat intelligence on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response (VMDR) to help organizations immediately assess their exposure. These updates extend...
CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-28506
CVE-2026-28506 affects Outline prior to 1.5.0. A logic flaw in the events.list API endpoint’s filtering lets any authenticated user retrieve activity events for documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user’s actual permissions. This resul...