Lucene search

6235 matches found

Vulnrichment
added 2026/03/19 10:1 p.m. | 3 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/03/19 10:1 p.m. | 5 views

EUVD-2026-13337

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits: 0 | References: 4
OSV
added 2026/03/19 10:1 p.m. | 4 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5 CVSS | 5.9 AI score | 0.00414 EPSS
Exploits: 0 | References: 6
Circl
added 2026/03/19 9:23 p.m. | 5 views

CVE-2026-32191

creationtimestamp | type | source
---|---|---
2026-03-19 21:23:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgwq6xs252h
2026-03-19 21:23:41+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgwrf3me42v
2026-03-19 21:23:44+00:00 | seen | ...

9.8 CVSS | 5.3 AI score | 0.00565 EPSS
Exploits: 0 | References: 5
Circl
added 2026/03/19 9:1 p.m. | 2 views

CVE-2026-32886

creationtimestamp | type | source
---|---|---
2026-03-19 21:01:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgviz25ni2u
2026-03-19 21:13:09+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgw6jyfnv2s...

8.2 CVSS | 5.7 AI score | 0.00512 EPSS
Exploits: 0 | References: 2
Circl
added 2026/03/19 8:16 a.m. | 2 views

CVE-2026-25443

creationtimestamp | type | source
---|---|---
2026-03-19 08:16:17+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-25443
2026-03-19 09:23:25+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhfojfxrgx2c
2026-03-19 09:24:51+00:00 | seen | ...

7.5 CVSS | 4.8 AI score | 0.00241 EPSS
Exploits: 0 | References: 5
Circl
added 2026/03/19 6:36 a.m. | 6 views

CVE-2026-27096

creationtimestamp | type | source
---|---|---
2026-03-19 06:36:22+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhff6pqune25
2026-03-19 06:43:09+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhffgtf2kf2d
2026-03-19 06:53:28+00:00 | seen | ...

8.1 CVSS | 5.3 AI score | 0.00324 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/19 12:0 a.m. | 10 views

PT-2026-26424

Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to 2026.3.0-latest.1
Discourse versions prior to 2026.2.1
Discourse versions prior to 2026.1.2

Description: Discourse is an open-source discussion platform. The /private-posts API endpoint did not apply post-type...

6.5 CVSS | 5.9 AI score | 0.00414 EPSS
Exploits: 0 | References: 7
CNNVD
added 2026/03/19 12:0 a.m. | 6 views

Discourse Information Disclosure Vulnerability

Discourse is an open-source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...

6.5 CVSS | 5.7 AI score | 0.00414 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/03/19 12:0 a.m. | 6 views

Admidio Security Vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions 5.0.0 to 5.0.6 of Admidio have security vulnerabilities. These vulnerabilities stem...

6.5 CVSS | 5.8 AI score | 0.00226 EPSS
Exploits: 1 | References: 2
Circl
added 2026/03/18 6:42 p.m. | 2 views

CVE-2026-27135

creationtimestamp | type | source
---|---|---
2026-03-18 18:42:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5bdyig32u
2026-03-18 18:48:30+00:00 | seen | https://bsky.app/profile/potato.software/post/3mhe5my3bp22q
2026-03-24 05:40:09+00:00 | seen | ...

7.5 CVSS | 7.1 AI score | 0.0056 EPSS
Exploits: 0 | References: 9
Circl
added 2026/03/18 5:57 p.m. | 1 views

CVE-2026-33297

creationtimestamp | type | source
---|---|---
2026-03-18 17:57:26+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-6547-8hrg-c55m
2026-03-23 16:13:19+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhc3jycr2c
2026-03-23 16:13:45+00:0...

9.1 CVSS | 5.7 AI score | 0.00342 EPSS
Exploits: 1 | References: 3
Circl
added 2026/03/18 12:41 p.m. | 3 views

CVE-2026-31898

creationtimestamp | type | source
---|---|---
2026-03-18 12:41:28+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhdj4o4jp72s
2026-03-18 12:42:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhdj5oxa7f2u
2026-03-18 12:42:07+00:00 | seen | ...

8.1 CVSS | 5.7 AI score | 0.00275 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/03/18 12:31 p.m. | 10 views

EUVD-2026-12812

Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a before 4.2.2...

5.3 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/03/18 12:31 p.m. | 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

5.4 CVSS | 5.8 AI score | 0.00171 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/18 12:31 p.m. | 4 views

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4 CVSS | 5.7 AI score | 0.00171 EPSS
Exploits: 0 | References: 5
NVD
added 2026/03/18 10:16 a.m. | 3 views

CVE-2026-32565

Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...

5.3 CVSS | 0.00187 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/18 9:31 a.m. | 5 views

CVE-2026-32565

Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...

5.3 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/18 9:31 a.m. | 12 views

CVE-2026-32565

CVE-2026-32565 concerns the WordPress plugin Contextual Related Posts (versions before 4.2.2). The issue is a Missing Authorization vulnerability arising from broken access control, allowing exploitation under unauthenticated conditions (per CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; base score 5...

5.3 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/03/18 9:31 a.m. | 32 views

CVE-2026-32565 WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...

5.3 CVSS | 0.00187 EPSS
Exploits: 0 | References: 1