PT-2026-26192

Summary createEventStream in h3 is vulnerable to Server-Sent Events SSE injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of an SSE message field id, event, data, or comment can inject arbitrary SSE events to...

CVE-2026-32292

creationtimestamp| type| source ---|---|--- 2026-03-17 18:59:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhbnqtshit2c 2026-03-17 18:59:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhbnrugfpz2c 2026-03-18 07:30:29+00:00| seen|...

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

EUVD-2026-12584

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-1582)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the WebSocket session handling in kernel/util/websocket.go. An attacker can connect to the /ws endpoint and receive real-time document metadata and activity events by using the special id=auth WebSocket...

EUVD-2026-12451

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

CVE-2026-32583

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

CVE-2026-33039

creationtimestamp| type| source ---|---|--- 2026-03-16 15:30:54+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-9x67-f2v7-63rw 2026-03-20 23:01:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjmoerimy26 2026-03-20 23:01:48+00:0...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation Upgrade...

EUVD-2026-12415

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation Upgrade...

CVE-2026-32583

CVE-2026-32583 describes a broken access control in the Webnus Webnus Modern Events Calendar (WordPress) where misconfigured access control levels allow bypassing authorization. Affected: Modern Events Calendar

CVE-2026-32583 WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

CVE-2026-32583 WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aman Rawat in WordPress Plugin Modern Events Calendar versions = 7.29.0...

CVE-2026-2578

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...

CVE-2026-2578

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...