1077 matches found

NVD
added 2026/02/27 8:21 p.m., 10 views

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/add_to_collection.php due to missi...

CVSS 7.1, EPSS 0.00263
Exploits: 1, References: 1
RedhatCVE
added 2026/02/27 7:44 p.m., 5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, AI score 6, EPSS 0.00239
Exploits: 0, References: 1
EUVD
added 2026/02/27 7:18 p.m., 6 views

EUVD-2026-9062

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/add_to_collection.php due to missi...

CVSS 7.1, AI score 6, EPSS 0.00263
Exploits: 1, References: 1
CVE
added 2026/02/27 7:18 p.m., 18 views

CVE-2026-28354

ClipBucket v5 contains an authorization flaw (IDOR) in collection item management prior to 5.5.3 #59. An authenticated user can modify items in another user’s collection via add_to_collection.php (missing authorization) and removeItemFromCollection() via manage_collections.php?mode=manage_items… ...

CVSS 7.1, AI score 6, EPSS 0.00263
Exploits: 1, References: 1, Affected Software: 1
ATTACKERKB
added 2026/02/27 7:18 p.m., 7 views

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/add_to_collection.php due to missi...

CVSS 7.1, AI score 6, EPSS 0.00263
Exploits: 1, References: 2
Positive Technologies
added 2026/02/27 12:0 a.m., 5 views

PT-2026-22379

Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.3. Description: ClipBucket is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are susceptible to authorization flaws. Authenticated users can modify collection items...

CVSS 7.1, AI score 6, EPSS 0.00263
Exploits: 1, References: 3
NVD
added 2026/02/26 4:24 p.m., 15 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, EPSS 0.00239
Exploits: 0, References: 1
EUVD
added 2026/02/26 3:10 p.m., 4 views

EUVD-2026-8859

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, AI score 5.7, EPSS 0.00239
Exploits: 0, References: 1
Cvelist
added 2026/02/26 3:10 p.m., 23 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, EPSS 0.00239
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/26 3:10 p.m., 5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, AI score 5.7, EPSS 0.00239
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/26 3:10 p.m., 27 views

CVE-2026-26265

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose an IDOR in the directory items endpoint (GET /directory_items.json?period=all&user_field_ids=...). The DirectoryItemsController#index accepts arbitrary user_field_ids without proper authorization, bypassing visibility controls a...

CVSS 7.5, AI score 5.7, EPSS 0.00239
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/02/26 3:10 p.m., 5 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...

CVSS 7.5, AI score 6, EPSS 0.00239
Exploits: 0, References: 3
Positive Technologies
added 2026/02/26 12:0 a.m., 11 views

PT-2026-22156

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse is an open source discussion platform. An IDOR vulnerability exists in the directory items endpoint, allowing...

CVSS 7.5, AI score 5.9, EPSS 0.00239
Exploits: 0, References: 8
Vulnrichment
added 2026/02/19 4:36 a.m., 4 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

CVSS 8.8, AI score 5.7, EPSS 0.00292
Exploits: 0, References: 4
Cvelist
added 2026/02/18 10:59 p.m., 29 views

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8, EPSS 0.0021
Exploits: 2, References: 2
Vulnrichment
added 2026/02/18 10:59 p.m., 3 views

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8, AI score 5.5, EPSS 0.0021
Exploits: 2, References: 2
OSV
added 2026/02/18 10:59 p.m., 6 views

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8, AI score 5.5, EPSS 0.0021
Exploits: 2, References: 4
NVD
added 2026/02/18 7:16 a.m., 12 views

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

CVSS 4.3, EPSS 0.00283
Exploits: 0, References: 4
CNNVD
added 2026/02/18 12:0 a.m., 8 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 4.3, AI score 5.9, EPSS 0.00283
Exploits: 0, References: 4
CNNVD
added 2026/02/14 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rangeisholeinparent function not checking inline extended items, potentially leading to inval...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 4