Lucene search
K

226 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-49256

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS5.9AI score0.00384EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56997

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Restricted tag and tag-group names attached to publicly readable categories as...

6.3CVSS6.1AI score0.00384EPSS
Exploits0References8
OSV
OSV
added last week5 views

PYSEC-2026-2076 Access control vulnerable to user data deletion by anonynmous users

Impact Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. Patches The problem is fixed in version 7.2. Workarounds The problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder. References...

9.1CVSS5.9AI score0.00413EPSS
Exploits0References6
OSV
OSV
added last week4 views

PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...

3.7CVSS5.8AI score0.00628EPSS
Exploits0References11
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-47264

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:26 p.m.9 views

EUVD-2026-36561

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.55 views

Samba Print Exposure Auditor

This is an exposure assessment tool designed to evaluate whether a Samba print service exposes printer-related RPC functionality to anonymous users through the spoolss endpoint...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.4AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6 Description An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

8.8CVSS5.7AI score0.00541EPSS
Exploits1References10
OSV
OSV
added 2026/05/20 11:55 a.m.5 views

BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 12:16 a.m.20 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 12:4 a.m.19 views

EUVD-2026-30815

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 12:4 a.m.9 views

CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:4 a.m.9 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 12:4 a.m.17 views

CVE-2026-32244

Discourse: Cached outdated AI summaries can leak removed content to anonymous/unprivileged users who cannot regenerate summaries. Affected in versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest. Fixed in those versions. Remediation: upgrade to 2026.1.4, 2026.3.1, 2026.4.1, or 2026....

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41758

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description Outdated cached AI summaries can leak removed content to anonymous and...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/07 9:7 p.m.57 views

CVE-2026-7891

A vulnerability has been identified in Mendix Runtime All versions. Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead...

9.1CVSS0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 9:7 p.m.31 views

CVE-2026-7891

The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...

9.1CVSS6AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.18 views

Siemens Mendix Studio Pro 安全漏洞

Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...

9.3CVSS5.8AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder