37 matches found
CVE-2026-32994
The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID...
EUVD-2026-33248
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the wordpress_logged_in cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
Rocket.Chat: IDOR: autotranslate.translateMessage Full Message Content Leak
The /api/v1/autotranslate.translateMessage endpoint allowed any authenticated user to retrieve the full content of any message from any room, including private groups, direct messages, and channels. The endpoint fetched the message without performing a room access check, returning the complete...
PT-2026-29915
Summary: Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...
WWBN AVideo security vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the save.json.php endpoint in the AI plugin, which loaded AI response objects using a...
BIT-DISCOURSE-2025-68666 Discourse users archives leaked to users with moderation privileges
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, user archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users is leaked...
CVE-2025-68666
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, user archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users is leaked...
CVE-2025-68666 Discourse users archives leaked to users with moderation privileges
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, user archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users is leaked...
CVE-2025-68666
Discourse (open source) has a vulnerability where user archives are viewable by users with moderation privileges in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, leaking private topic/post content and breaching confidentiality. The issue is fixed in those same versions (3.5.4, 2025...
EUVD-2019-11156
Malware in sbrugna...
EUVD-2025-26582
Malicious code in bioql PyPI...
EUVD-2023-59724
Malicious code in bioql PyPI...
CVE-2023-5845
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags...
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...
mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...
ASB-A-338024220
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...
CLSA-2024-1735130624 php: Fix of CVE-2024-8929
CVE-2024-8929: Fix leak partial content of the heap through heap buffer over-read issue...
[SECURITY] [DLA 3986-1] php7.4 security update
Debian LTS Advisory DLA-3986-1, https://www.debian.org/lts/security/, Guilhem Moulin, December 08, 2024, https://wiki.debian.org/LTS. Package: php7.4; Version: 7.4.33-1+deb11u7; CVE ID: CVE-2024-8929 CVE-2024-8932 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236; Debian Bug :...
PT-2024-5298 · Libcurl +11
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: The issue is related to the GTime2str function in libcurl's ASN1 parser code, which is used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser...