CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 days ago•8 views

EUVD-2026-34200

9.8CVSS5.8AI score0.00042EPSS

CVE•added 5 days ago•16 views

CVE-2026-49186

CVE-2026-49186 : The provided documents describe a vulnerability in a local MQTT broker where topic-level ACLs are not enforced. This allows any client to subscribe with wildcards (# or +) and enumerate hidden devices, or publish rogue control commands. The issue is rooted in missing access contr...

9.8CVSS5.8AI score0.00042EPSS

Exploits0References1Affected Software1

Cvelist•added 5 days ago•32 views

CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists

8.6CVSS0.00042EPSS

Vulnrichment•added 5 days ago•4 views

CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists

8.6CVSS5.8AI score0.00042EPSS

ATTACKERKB•added 5 days ago•4 views

CVE-2026-49186

8.6CVSS5.8AI score0.00042EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-46141

8.6CVSS5.8AI score0.00042EPSS

Positive Technologies•added 2026/06/02 12:0 a.m.•6 views

PT-2026-45800

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view other topics authorization. As a result, in forums where users may enter the for...

5.3CVSS5.8AI score0.00043EPSS

ATTACKERKB•added 2026/05/27 3:3 p.m.•6 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References2Affected Software1

CNVD•added 2026/04/10 12:0 a.m.•0 views

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

6.3CVSS5.7AI score0.00056EPSS

Exploits0

RedhatCVE•added 2026/04/01 11:0 p.m.•1 views

CVE-2026-32619

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

NVD•added 2026/03/31 6:16 p.m.•2 views

CVE-2026-32619

6.3CVSS0.00056EPSS

ATTACKERKB•added 2026/03/31 5:40 p.m.•2 views

CVE-2026-32619

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/31 5:40 p.m.•1 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

EUVD•added 2026/03/31 5:40 p.m.•6 views

EUVD-2026-17557

Positive Technologies•added 2026/03/31 12:0 a.m.•5 views

PT-2026-29310

CNNVD•added 2026/03/31 12:0 a.m.•6 views

Exploits0References6

Discourse 授权问题漏洞

Cvelist•added 2026/03/20 10:56 p.m.•17 views

Exploits0References3

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS0.00017EPSS