2 matches found
PT-2026-56279
Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...