60 matches found
CVE-2026-8240
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...
CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
WordPress plugin Broadstreet 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2026-30996
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-40022
CVE-2026-40022 affects Apache Camel Platform HTTP Main: when authentication is enabled and a non-root context path (e.g., /api or /admin) is configured, BasicAuthenticationConfigurer/JWTAuthenticationConfigurer derive the path from properties.getPath() if explicit authenticationPath is not set. C...
CVE-2026-34757
A flaw was found in libpng, a library used for handling PNG Portable Network Graphics image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like pnggetPLTE, by passing it back to a corresponding setter function within the same image...
CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...
Discourse 信息泄露漏洞
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...
CVE-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
CVE-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
UBUNTU-CVE-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
CVE-2026-0602
Removed by vendor...
CVE-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
CVE-2026-27150
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...
CVE-2026-27149
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering listprivatemessagestag allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and...
CVE-2026-27150
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...
CVE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...
CVE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...
CVE-2026-27150
CVE-2026-27150 (Discourse) affects the Data Explorer component (QueryGroupBookmarkable) in Discourse. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing authorization in validate_before_create allowed any logged-in user to create bookmarks for query groups they lack access to, enabling ...