6234 matches found
CVE-2026-28377
creationtimestamp| type| source ---|---|--- 2026-03-26 22:21:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhynbb2tnv2s 2026-03-26 22:22:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhync67ola27 2026-03-26 23:20:03+00:00| seen|...
CVE-2026-33673
creationtimestamp| type| source ---|---|--- 2026-03-26 22:19:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn5pdppa2x 2026-03-26 22:19:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn6funvc2t 2026-03-26 22:20:11+00:00| seen|...
CVE-2026-33671
creationtimestamp| type| source ---|---|--- 2026-03-26 22:19:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn5i3kzq2d 2026-03-26 22:19:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn67qijr2c 2026-03-26 23:20:15+00:00| seen|...
CVE-2026-33687
creationtimestamp| type| source ---|---|--- 2026-03-26 22:18:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn477icy2r 2026-03-26 23:01:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhypiftt2w2n 2026-03-26 23:20:15+00:00| seen|...
CVE-2026-33686
creationtimestamp| type| source ---|---|--- 2026-03-26 22:18:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn3ypzwa2x 2026-03-26 22:18:36+00:00| seen| https://bsky.app/profile/potato.software/post/3mhyn3zn4td2z 2026-03-26 22:56:19+00:00| seen|...
CVE-2026-33940
creationtimestamp| type| source ---|---|--- 2026-03-26 20:59:50+00:00| published-proof-of-concept| https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6 2026-03-27 22:24:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mi35w4bscs2s...
CVE-2026-33506
creationtimestamp| type| source ---|---|--- 2026-03-26 20:54:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyifeaw6m27 2026-03-26 21:20:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyjugwtbq2r 2026-03-26 21:36:49+00:00| seen|...
CVE-2026-33491
creationtimestamp| type| source ---|---|--- 2026-03-26 20:44:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyhthdl3k2n 2026-03-26 21:20:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyjuo5la327 2026-03-26 21:36:40+00:00| seen|...
CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...
CVE-2026-32419
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...
CVE-2026-32565
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through 4.2.2...
CVE-2026-1217
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-33355
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33428
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...
CVE-2026-33411
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...
CVE-2026-2121
The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2026-4066
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2026-34005
creationtimestamp| type| source ---|---|--- 2026-03-26 15:00:04+00:00| seen| https://t.me/GithubRedTeam/77352 2026-03-26 21:00:04+00:00| published-proof-of-concept| Telegram/EErZ2DHOfxeZ1Fjlnav1XzXAT9awV59GDGk5YYfJrqej7U 2026-03-29 17:18:36+00:00| seen|...