
2114 matches found

Vulnrichment
added 2026/03/31 5:40 p.m. | 4 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/31 5:40 p.m. | 2 views

CVE-2026-32619

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/31 5:40 p.m. | 22 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | EPSS 0.0016
Exploits: 0 | References: 2
EUVD
added 2026/03/31 5:40 p.m. | 13 views

EUVD-2026-17557

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 2
CVE
added 2026/03/31 5:40 p.m. | 14 views

CVE-2026-32619

Discourse vulnerability CVE-2026-32619 affects the poll feature when a user loses access to a topic in private categories. Versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 allow such users to interact with polls (vote and togg...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/03/31 5:40 p.m. | 4 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 4
CNNVD
added 2026/03/31 12:0 a.m. | 10 views

Discourse authorization issue vulnerability

Discourse is an open-source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/27 2:23 p.m. | 11 views

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...

CVSS 8.8 | AI score 8.1 | EPSS 0.04201
Exploits: 5 | References: 1
OSV
added 2026/03/27 7:10 a.m. | 2 views

BIT-DISCOURSE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_id as an...

CVSS 8.2 | AI score 5.9 | EPSS 0.00215
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/26 5:2 p.m. | 3 views

CVE-2026-27044

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...

CVSS 9.9 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:7 p.m. | 3 views

CVE-2026-31805

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

CVSS 8.2 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 1
Microsoft CVE
added 2026/03/26 8:3 a.m. | 6 views

i40e: Fix preempt count leak in napi poll tracepoint

...

CVSS 7.1 | AI score 5.8 | EPSS 0.00122
Exploits: 0
NVD
added 2026/03/25 5:16 p.m. | 7 views

CVE-2026-27044

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...

CVSS 9.9 | EPSS 0.00296
Exploits: 0 | References: 1
SUSE CVE
added 2026/03/25 4:56 p.m. | 3 views

SUSE CVE-2026-23313

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint. Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_coun...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 16
Vulnrichment
added 2026/03/25 4:14 p.m. | 1 view

CVE-2026-27044 WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...

CVSS 9.9 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 1
Cvelist
added 2026/03/25 4:14 p.m. | 24 views

CVE-2026-27044 WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...

CVSS 9.9 | EPSS 0.00296
Exploits: 0 | References: 1
CVE
added 2026/03/25 4:14 p.m. | 12 views

CVE-2026-27044

CVE-2026-27044 is reported in Wordfence as a vulnerability in TotalPoll for Polls and Contests (TotalPoll Lite)

CVSS 9.9 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/25 3:11 p.m. | 4 views

CVE-2026-23313

A flaw was found in the i40e network driver within the Linux kernel. This vulnerability, a preemption count leak, occurs in the NAPI (New API) poll tracepoint due to incorrect handling of CPU preemption counts. This issue could lead to an imbalanced preemption count, potentially causing kernel...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 4
EUVD
added 2026/03/25 12:30 p.m. | 3 views

EUVD-2026-15256

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint. Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_coun...

AI score 5.6 | EPSS 0.00122
Exploits: 0 | References: 5
NVD
added 2026/03/25 11:16 a.m. | 4 views

CVE-2026-23313

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint. Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_coun...

CVSS 5.5 | EPSS 0.00122
Exploits: 0 | References: 5