6232 matches found
CVE-2026-44783
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...
Malicious code in claudechor (npm)
Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...
CVE-2026-44783
Product/Component: Discourse (open-source discussion platform). Issue: A flaw in how replies to whispers are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic’s staff-only whisper channel. The injected content is visible to whisperer...
CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...
CVE-2026-44780 Discourse: Category queue reviewers can read raw incoming emails from queued posts
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via incoming email...
CVE-2026-44780
Summary of CVE-2026-44780 (Discourse): The flaw arises in the ReviewableQueuedPostSerializer where, for posts arriving via incoming email, payload["raw_email"] was unconditionally included. This allowed category moderation group members in the review queue to access the full inbound email conten...
CVE-2026-50087
creationtimestamp | type | source
---|---|---
2026-06-12 17:02:46+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo47t2lp3b2b
2026-06-12 17:41:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4bynt77r2u
2026-06-14 05:02:17+00:00 | seen | ...
CVE-2026-50085
creationtimestamp | type | source
---|---|---
2026-06-12 17:02:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo47sletpy2c
2026-06-12 17:52:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4cmenjg423
2026-06-13 18:11:30+00:00 | seen | ...
CVE-2026-6211
creationtimestamp | type | source
---|---|---
2026-06-12 16:00:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44dscrod2p
2026-06-12 17:51:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4ckkzzfi2p...
CVE-2026-44892
creationtimestamp | type | source
---|---|---
2026-06-12 06:00:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo32tbuo3h2n
2026-06-12 07:41:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo3aic2bcn23...
CVE-2026-48610
creationtimestamp | type | source
---|---|---
2026-06-12 05:46:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo3224idol25
2026-06-12 08:01:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo3bkccbxg2a
2026-06-12 12:02:06+00:00 | seen | ...
CVE-2026-47367
creationtimestamp | type | source
---|---|---
2026-06-12 05:00:34+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2xhmx67l26
2026-06-12 05:51:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo32d2wc762j
2026-06-18 06:25:42+00:00 | seen | ...
CVE-2026-48611
creationtimestamp | type | source
---|---|---
2026-06-12 05:00:25+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2xhfwjef24
2026-06-12 05:36:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo2zi7lj7g2b
2026-06-12 18:51:21+00:00 | seen | ...
CVE-2026-44249
creationtimestamp | type | source
---|---|---
2026-06-12 01:00:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2k2h43or2t
2026-06-12 01:44:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo2mj5sag22j
2026-06-15 04:37:06+00:00 | seen | ...
CVE-2026-7870
creationtimestamp | type | source
---|---|---
2026-06-11 17:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzpah4ouw24
2026-06-11 17:23:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnzqidw2kl24
2026-06-16 18:07:08+00:00 | seen | ...
Exploit for CVE-2026-7665
CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...
CVE-2026-8613
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-41856
creationtimestamp | type | source
---|---|---
2026-06-11 08:00:59+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnyr3dgend2x
2026-06-11 09:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116730653982449979
2026-06-11 09:00:29+00:00 | seen | ...
CVE-2026-41700
creationtimestamp | type | source
---|---|---
2026-06-11 08:00:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnyr33x2kg26
2026-06-11 09:51:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnyxbciz3y2d
2026-06-12 15:07:07+00:00 | seen | ...