30 matches found

CNVD
added 2026/03/09 12:00 a.m. · 2 views

Discourse Access Control Error Vulnerability (CNVD-2026-17485)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse has an access control error vulnerability that stems from fail-open access control in the Data Explorer plugin,...

CVSS 5.4 · AI score 5.9 · EPSS 0.00042
Exploits 0

RedhatCVE
added 2026/02/28 1:55 a.m. · 2 views

CVE-2026-28218

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVSS 5.4 · AI score 6.1 · EPSS 0.00042
Exploits 0 · References 1

CNNVD
added 2026/02/26 12:00 a.m. · 4 views

Discourse Access Control Error Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse has an access control error vulnerability that stems from fail-open access control in the Data Explorer plugin,...

CVSS 5.4 · AI score 6 · EPSS 0.00042
Exploits 0 · References 1

RedhatCVE
added 2026/02/05 1:22 p.m. · 2 views

CVE-2025-15487

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVSS 4.9 · AI score 5.6 · EPSS 0.00018
Exploits 0 · References 1

NVD
added 2026/02/04 9:15 a.m. · 6 views

CVE-2025-15487

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVSS 4.9 · EPSS 0.00018
Exploits 0 · References 2

ATTACKERKB
added 2026/02/04 8:25 a.m. · 4 views

CVE-2025-15487

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVSS 4.9 · AI score 5.6 · EPSS 0.00018
Exploits 0 · References 3

Vulnrichment
added 2026/02/04 8:25 a.m. · 1 view

CVE-2025-15487 Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVSS 4.9 · AI score 5.6 · EPSS 0.00018
Exploits 0 · References 2

Cvelist
added 2026/02/04 8:25 a.m. · 25 views

CVE-2025-15487 Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVSS 4.9 · EPSS 0.00018
Exploits 0 · References 2

Positive Technologies
added 2026/02/04 12:00 a.m. · 4 views

PT-2026-5888

Name of the Vulnerable Software and Affected Versions: WordPress Code Explorer plugin versions through 1.4.6. Description: The Code Explorer plugin for WordPress has a flaw that allows authorized users with Administrator-level access or higher to read arbitrary files on the server. This is possible...

CVSS 4.9 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 6

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-58099

Malicious code in bioql PyPI...

CVSS 4.9 · AI score 6.6 · EPSS 0.00523
Exploits 0 · References 2

vulnersOsv
added 2025/09/26 3:00 p.m. · 4 views

@apollo/chakra-helpers (>=1.1.0 <=2.2.0), @backstage/plugin-apollo-explorer (>=0.0.0-nightly-20220719025614 <=0.1.17-next.2) potentially affected by CVE-2025-59845 via @apollo/explorer (>=0.2.1 <=2.0.2)

@apollo/explorer NPM version =0.2.1, =1.1.0, =0.0.0-nightly-20220719025614, =0.1.17-next.2 Source cves: CVE-2025-59845 Source advisory: OSV:GHSA-W87V-7W53-WWXV...

CVSS 8.2 · AI score 5.8 · EPSS 0.00018
Exploits 0

RedhatCVE
added 2025/05/23 2:42 a.m. · 4 views

CVE-2023-5816

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only...

CVSS 4.9 · AI score 6.8 · EPSS 0.00523
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 12:01 a.m. · 3 views

CVE-2022-43426

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it...

CVSS 5.3 · AI score 6.7 · EPSS 0.00589
Exploits 0 · References 1

Vulnrichment
added 2025/02/24 2:49 p.m. · 3 views

CVE-2025-27321 WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer (blighty-explorer) allows Stored XSS. This issue affects Blightly Explorer: from n/a through <= 2.3.0...

CVSS 7.1 · AI score 7.2 · EPSS 0.00151
Exploits 0 · References 1

OSV
added 2022/10/19 7:00 p.m. · 14 views

GHSA-MF4P-WJRM-CMJP AWS secrets displayed without masking by Jenkins S3 Explorer Plugin

S3 Explorer Plugin stores AWS_SECRET_ACCESS_KEY in its global configuration file s3explorer.xml on the Jenkins controller as part of its configuration. While this secret is stored encrypted on disk, in S3 Explorer Plugin 1.0.8 and earlier the global configuration form does not mask the...

CVSS 3.1 · AI score 5.6 · EPSS 0.00589
Exploits 0 · References 4

Prion
added 2022/10/19 4:15 p.m. · 9 views

Design/Logic Flaw

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it...

CVSS 5 · AI score 5.2 · EPSS 0.00589
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/10/19 12:00 a.m. · 71 views

CVE-2022-43426

CVE-2022-43426 refers to Jenkins S3 Explorer Plugin versions 1.0.8 and earlier, where the AWS_SECRET_ACCESS_KEY field in the global configuration form is not masked. This creates a risk that an attacker could observe or capture the secret, as described in the CVE entry and corroborated by multipl...

CVSS 5.3 · AI score 5.2 · EPSS 0.00589
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/10/19 12:00 a.m. · 1 view

PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier. Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS_SECRET_ACCESS_KEY form field is not masked, increasing the potential for attackers to observe and capture it...

CVSS 5.3 · AI score 4.9 · EPSS 0.00589
Exploits 0 · References 7

Vulnrichment
added 2022/10/19 12:00 a.m. · 4 views

CVE-2022-43426

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it...

AI score 5.2 · EPSS 0.00589
Exploits 0 · References 2

seebug.org
added 2014/07/01 12:00 a.m. · 37 views

Notepad++ Plugin Notepad# 1.5 - Local Exploit

No description provided by source. Exploit Title: Notepad++ - Notepad plugin local exploit Google Dork: Date: 2013-12-01 Exploit Author: Sun Junwen Vendor Homepage: http://notepad-plus-plus.org/ Software Link: http://notepad-plus-plus.org/download/ Version: Notepad ++ 6.3.2 with Notepad plugin 1....

AI score 7.1
Exploits 0