22 matches found
CVE-2026-40869
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...
CVE-2026-40869 Decidim amendments can be accepted or rejected by anyone
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...
CVE-2026-40869
CVE-2026-40869 — Decidim : Affected versions of the Decidim framework (starting from 0.19.0 up to, but not including, 0.30.5 and 0.31.1) allow any registered and authenticated user to accept or reject amendments. The vulnerability stems from insufficient permission checks in the amendment accepta...
Decidim security vulnerability
Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.19.0 to 0.30.5 and 0.31.1 contained security vulnerabilities. These vulnerabilities stemmed from allowing any registered and authenticated user to accept or reject any amendment,...
Decidim amendments can be accepted or rejected by anyone
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
GHSA-W5XJ-99CG-RCCM Decidim amendments can be accepted or rejected by anyone
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
PT-2026-33228
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
On Hacking Back
Former DoJ attorney John Carlin writes about hackback, which he defines thus: "A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are--b...
Using AI-Generated Legislative Amendments as a Delaying Technique
Canadian legislators proposed 19,600 amendments--almost certainly AI-generated--to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker's Mind, but this is a new one...
How AI Could Write Our Laws
Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...
kernel security and bug fix update
4.18.0-305.10.24.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
January 19, 2018 – Morning Cyber Coffee Headlines – “Puppies” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 19, 2018 - Headlines The Five Laws Of Cybersecurity - Forbes 3 things y...
Bulgaria passes Law that mandates Government Software must be Open Source
Do you have any idea what the software you have installed is doing stealthily in the background? If it's not open source software, can you find out? Usually, the answer is no. After Edward Snowden's revelations, it's clear how desperately government agencies want to put secret backdoors ...
Researcher Tries to Get Ahead of CFAA Changes, Dumps 10M Sanitized Passwords
The Obama administration's proposed changes to the Computer Fraud and Abuse Act (CFAA) have security researchers on edge. The amendments, spurred on by 2014's seemingly never-ending stream of data breaches, contain vagaries in their language that threaten legitimate research done in the name of improvi...
Proposed CFAA Amendments Bad News For Security Researchers
Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama's proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature. The amendment...
Judiciary Committee Approves Bill Limiting NSA Surveillance
The House Judiciary Committee met yesterday in a hearing to discuss, amend and approve the USA FREEDOM Act, which aims to rein in the National Security Agency’s surveillance powers and place new limits on authority granted under the USA PATRIOT Act and the Foreign Intelligence Surveillance Act...
CREDO Mobile Publishes Industry's First Transparency Report
Credo Mobile, the small San Francisco mobile provider that is reportedly the unnamed plaintiff in a suit that challenged the legality of national security letters, yesterday published its first transparency report, the first such report published by a mobile provider. Credo, which has raised tens...