6234 matches found

OSV
added 2026/04/07 8:43 a.m., 2 views

BIT-DISCOURSE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content was exposed, only metadata about who read the post...

CVSS 5.3, AI score 5.7, EPSS 0.00201
Exploits: 0, References: 3

Circl
added 2026/04/07 8:1 a.m., 5 views

CVE-2026-5465

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-07 08:01:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivcqtypg327 |
| 2026-04-07 09:15:25+00:00 | seen | Telegram/UjrnvOa2JLE3qzXsFYe7vk49vQcInvR-SenKatBboIQ7n94 |
| 2026-04-07 09:37:20+00:00 | seen | ... |

CVSS 8.8, AI score 4.8, EPSS 0.00632
Exploits: 1, References: 3

Circl
added 2026/04/06 6:26 p.m., 7 views

CVE-2026-35174

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 18:26:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitvb3h7og2h |
| 2026-04-06 19:29:44+00:00 | seen | Telegram/RmP7l-K41x9UoCBscD5W8eizA4yDJaPJqAKKOeWwXNyu-8 |
| 2026-04-06 19:30:39+00:00 | seen | ... |

CVSS 9.1, AI score 5, EPSS 0.00559
Exploits: 0, References: 3

Circl
added 2026/04/06 6:24 p.m., 4 views

CVE-2026-35171

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 18:24:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4ynlvh2d |
| 2026-04-06 18:24:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv5qkfjp2d |
| 2026-04-06 19:29:44+00:00 | seen | ... |

CVSS 9.8, AI score 5.3, EPSS 0.00714
Exploits: 0, References: 4

Circl
added 2026/04/06 6:24 p.m., 2 views

CVE-2026-35470

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 18:24:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4qwen22t |
| 2026-04-06 18:24:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv5jd3vu2j |
| 2026-04-06 19:20:37+00:00 | seen | ... |

CVSS 8.8, AI score 4.9, EPSS 0.00416
Exploits: 1, References: 4

Circl
added 2026/04/06 6:9 p.m., 17 views

CVE-2026-35209

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 18:09:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mitud4tgjt2o |
| 2026-04-06 18:23:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4jr7ms2t |
| 2026-04-06 18:24:21+00:00 | seen | ... |

CVSS 7.5, AI score 5.7, EPSS 0.00398
Exploits: 0, References: 3

Circl
added 2026/04/06 3:42 p.m., 4 views

CVE-2026-30078

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 15:42:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitm3hpfvn27 |
| 2026-04-06 15:43:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitm4smwze27 |
| 2026-04-06 15:44:42+00:00 | seen | ... |

CVSS 7.5, AI score 5.9, EPSS 0.00292
Exploits: 1, References: 3

Circl
added 2026/04/06 3:35 p.m., 4 views

CVE-2026-34885

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 15:35:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlonapsw2r |
| 2026-04-06 15:35:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlpsinwd27 |
| 2026-04-06 17:30:35+00:00 | ... |

CVSS 8.5, AI score 5.3, EPSS 0.01668
Exploits: 0, References: 4

Circl
added 2026/04/06 1:59 p.m., 3 views

CVE-2026-33540

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 13:59:09+00:00 | published-proof-of-concept | https://github.com/distribution/distribution/security/advisories/GHSA-3p65-76g6-3w7r |
| 2026-04-06 15:35:22+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlp3gzvo2r |
| 2026-04-06... |

CVSS 7.5, AI score 5.7, EPSS 0.00274
Exploits: 1, References: 3

Circl
added 2026/04/06 4:1 a.m., 4 views

CVE-2026-5612

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-06 04:01:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3misevnz7or2d |
| 2026-04-06 05:16:26+00:00 | published-proof-of-concept | Telegram/kWexhLh74l4dPPtnd5KMBhXNW8mWfIV9fawO6hseg4Rc4 |
| 2026-04-06 06:28:54+00:00 | seen | ... |

CVSS 9, AI score 8.1, EPSS 0.00687
Exploits: 1, References: 5

Circl
added 2026/04/05 11:15 a.m., 3 views

CVE-2026-5554

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-05 11:15:53+00:00 | published-proof-of-concept | Telegram/8Kty84VYI9Md0M9SNY3xGd7cM29Jpy2z-fm4LFUn2UMmE |
| 2026-04-05 12:14:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miqpyw73fj2n |
| 2026-04-05 12:41:28+00:00 | seen | ... |

CVSS 7.5, AI score 7.3, EPSS 0.00259
Exploits: 0, References: 2

RedhatCVE
added 2026/04/05 10:55 a.m., 8 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

CVSS 8.1, AI score 5.9, EPSS 0.00351
Exploits: 0, References: 1

EUVD
added 2026/04/04 3:30 p.m., 2 views

EUVD-2018-21746

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...

CVSS 6.1, AI score 5.9, EPSS 0.00221
Exploits: 1, References: 4

Circl
added 2026/04/04 3:25 p.m., 3 views

CVE-2016-20052

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-04 15:25:45+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mioka3avcd2o |
| 2026-04-04 15:40:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miokztck4i2j |
| 2026-04-14 20:07:08+00:00 | seen | ... |

CVSS 9.8, AI score 5.7, EPSS 0.00951
Exploits: 1, References: 3

NVD
added 2026/04/04 2:16 p.m., 2 views

CVE-2018-25247

MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the...

CVSS 6.1, EPSS 0.00221
Exploits: 1, References: 3

EUVD
added 2026/04/04 12:31 p.m., 7 views

EUVD-2026-18999

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...

CVSS 8.8, AI score 6, EPSS 0.00446
Exploits: 0, References: 3

Veracode
added 2026/04/04 5:29 a.m., 4 views

SQL Injection

baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...

CVSS 9.8, AI score 5.9, EPSS 0.00412
Exploits: 0, References: 3, Affected Software: 1

Circl
added 2026/04/04 2:15 a.m., 2 views

CVE-2026-34780

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-04 02:15:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3min62fmxe72w |
| 2026-04-04 02:15:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3min63hbxxi2c |
| 2026-04-04 03:15:52+00:00 | ... |

CVSS 8.3, AI score 4.8, EPSS 0.00248
Exploits: 0, References: 4

Positive Technologies
added 2026/04/04 12:0 a.m., 3 views

PT-2026-30367

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...

CVSS 6.1, AI score 5.9, EPSS 0.00221
Exploits: 1, References: 4

Circl
added 2026/04/03 11:21 p.m., 2 views

CVE-2026-35558

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-03 23:21:03+00:00 | published-proof-of-concept | Telegram/Y6tkTwR3TbgbLqd0XdHY3LGxaSf8SFw0ekLA3xjK-BPXbc |
| 2026-04-04 04:00:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mindxhjxru25 |
| 2026-04-04 05:00:56+00:00 | seen | ... |

CVSS 7.8, AI score 4.9, EPSS 0.00274
Exploits: 0, References: 4