Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Cvelist
Cvelistadded yesterday35 views

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

7.1CVSS
Exploits0References1
CVE
CVEadded yesterday4 views

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

7.1CVSS5.8AI score
Exploits0References1
NVD
NVDadded 6 days ago5 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00031EPSS
Exploits0References6
NVD
NVDadded 2026/02/26 4:24 p.m.4 views

CVE-2026-26207

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

5.4CVSS0.00051EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/02/26 12:0 a.m.5 views

PT-2026-22154

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the...

5.4CVSS6AI score0.00051EPSS
Exploits0References7
Malwarebytes
Malwarebytesadded 2022/04/29 10:18 a.m.28 views

Warning! Instagram Stories hides a scam in plain sight

When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...

7AI score
Exploits0
ThreatPost
ThreatPostadded 2012/11/22 2:21 a.m.15 views

Facebook Proposes Eliminating User Voting System for Privacy Changes

Facebook today announced plans to eliminate its voting system that gave users a say in how their privacy is handled. In a statement issued Wednesday, Elliot Schrage, Vice President, Communications, Public Policy and Marketing for the Menlo Park, Calif.-based social media company, said the voting...

6.9AI score
Exploits0References1
Rows per page
Query Builder