EUVD-2026-20058
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access draft/scheduled/pending posts...
CVE-2026-24901 Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to restore, view, and seize ownership of deleted drafts belonging to other users without authorization,...
CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...
EUVD-2012-6481
Malware in sbrugna...
EUVD-2016-5606
Malware in sbrugna...
CVE-2023-3707
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as draft and private ones, via an IDOR vector. Password protected post...
PT-2021-16151 · WordPress · Visual Link Preview
Name of the Vulnerable Software and Affected Versions: Visual Link Preview WordPress plugin versions prior to 2.2.3
Description: The issue allows any authenticated user to call several AJAX actions without proper authorization, due to the CSRF nonce being displayed for all authenticated users. Th...