Lucene search
K

353 matches found

NVD
NVD
added 2026/03/23 7:16 p.m.5 views

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS0.0024EPSS
Exploits1References2
OSV
OSV
added 2026/03/23 6:28 p.m.3 views

CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS5.9AI score0.0024EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/23 6:28 p.m.4 views

CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS5.8AI score0.0024EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/23 6:28 p.m.24 views

CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS0.0024EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:28 p.m.5 views

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS5.8AI score0.0024EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/23 6:28 p.m.13 views

CVE-2026-33650

Summary: WWBN AVideo (≤26.0) allows a user with the Videos Moderator permission to perform full video management, including ownership transfer and deletion, despite the permission only enabling publicity changes. Root cause: Permissions::canModerateVideos() is used as the authorization gate for f...

7.6CVSS5.8AI score0.0024EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.12 views

PT-2026-27172

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations, including ownership transfer and...

7.6CVSS5.7AI score0.0024EPSS
Exploits1References6
OSV
OSV
added 2026/03/20 10:56 p.m.3 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.9AI score0.00196EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 10:56 p.m.8 views

EUVD-2026-13896

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 10:56 p.m.22 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 3:15 a.m.8 views

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 3:15 a.m.11 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.5CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 2:59 a.m.6 views

CVE-2026-30889 Discourse has Unauthorized Post Data Exposure in discourse-user-notes

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 2:59 a.m.5 views

EUVD-2026-13490

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 2:59 a.m.9 views

CVE-2026-30889

Discourse contains an authorization bypass: before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators could view metadata of posts outside their permissions. A fix is available in the patched releases. CVSSv4 base score is 5.3 (MEDIUM); attack vector NETWORK, low complexity, no user i...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:59 a.m.4 views

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 2:55 a.m.22 views

CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

2.2CVSS0.00213EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 2:55 a.m.6 views

CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

2.2CVSS5.8AI score0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 2:55 a.m.5 views

EUVD-2026-13488

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

2.2CVSS5.7AI score0.00213EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:55 a.m.4 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

2.2CVSS5.7AI score0.00213EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder