SUSE CVE-2026-22892
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-27600
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
CVE-2026-24502

creationtimestamp| type| source
---|---|---
2026-03-03 21:59:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg6rdjfu3u2s
2026-03-03 22:03:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg6rkk6yds2u
2026-03-05 22:20:09+00:00| seen|...

BIT-DISCOURSE-2026-27162 Discourse doesn't prevent whispers from leaking in excerpts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...
BIT-DISCOURSE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-1874

creationtimestamp| type| source
---|---|---
2026-03-03 08:21:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg5dlj6nfy2x
2026-03-03 08:36:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg5egelkcg27
2026-03-03 09:00:31+00:00| seen|...

CVE-2026-0754

creationtimestamp| type| source
---|---|---
2026-03-03 04:05:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg4vc3hhpa2v
2026-03-03 04:10:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg4vkzvqvk2e...

CVE-2025-48636

creationtimestamp| type| source
---|---|---
2026-03-02 20:20:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg43carjil2f
2026-03-02 20:20:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg43cuf3wg2s...

CVE-2026-21853

creationtimestamp| type| source
---|---|---
2026-03-02 19:18:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3xtoe7yt2s
2026-03-02 19:18:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3xtzdyf52c
2026-03-02 19:18:52+00:00| seen|...

GHSA-5PMP-JPCF-PWX6

creationtimestamp| type| source
---|---|---
2026-03-02 18:40:09+00:00| seen| https://gist.github.com/alon710/c8ef02a720c5ab2caad0ee631080ee0f
2026-03-02 18:55:03+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mg3wjx7soq2t...

CVE-2025-52468

creationtimestamp| type| source
---|---|---
2026-03-02 16:29:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3ogey6un2s
2026-03-02 17:57:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg3tcy3iw524
2026-03-03 19:40:10+00:00| seen|...

CVE-2025-52482

creationtimestamp| type| source
---|---|---
2026-03-02 16:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3ms2y2yy2u
2026-03-02 17:43:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg3sk4fr5j27
2026-03-04 07:00:14+00:00| seen|...

CVE-2026-3431

creationtimestamp| type| source
---|---|---
2026-03-02 13:17:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3do2p6kz26
2026-03-02 13:53:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg3fokgmj42u
2026-03-02 15:36:47+00:00| seen|...

LLM-Assisted Deanonymization
Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of...
CVE-2025-30044

creationtimestamp| type| source
---|---|---
2026-03-02 10:55:00+00:00| seen| https://cert.pl/en/posts/2026/03/CVE-2025-10350/
2026-03-02 12:09:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg37ukv4rn2n
2026-03-02 13:08:35+00:00| seen|...

CVE-2026-3411

creationtimestamp| type| source
---|---|---
2026-03-02 08:03:11+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mg2s4d62gt2s
2026-03-02 08:24:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg2tcwg4ro2e
2026-03-03 23:20:09+00:00| seen|...

CVE-2026-3410

creationtimestamp| type| source
---|---|---
2026-03-02 08:02:25+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mg2s2xekhp2l
2026-03-02 08:05:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg2safisjc2z
2026-03-04 06:00:17+00:00| seen|...

CVE-2026-3000

creationtimestamp| type| source
---|---|---
2026-03-02 05:49:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10741-daed4-2.html
2026-03-02 07:22:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg2ptqb6c225
2026-03-02 07:22:58+00:00| seen|...

CVE-2026-2999

creationtimestamp| type| source
---|---|---
2026-03-02 05:49:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10741-daed4-2.html
2026-03-02 07:22:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg2ptxicnr2x
2026-03-02 07:23:14+00:00| seen|...

CVE-2026-28554
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...