8 matches found
CVE-2026-14751
The vulnerability CVE-2026-14751 targets mjperpinosa stumasy via SQL injection in Notes_controller::search_scratch_data (file application/PHP/objects/notes/search_scratch_data.php). The exploit arises from manipulating the argument field_name, enabling remote execution of SQL. Public exploit is s...
EUVD-2026-41757
A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql...
EUVD-2026-41756
A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of the...
CVE-2026-14750
The CVE-2026-14750 entry concerns mjperpinosa stumasy with a SQL injection in the function Notes_controller::accessing_dictionary_authorization (file application/PHP/objects/notes/accessing_dictionary_authorization.php). Manipulating the Password argument enables a remote attacker to leverage SQL...
BIT-DISCOURSE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
EUVD-2026-8878
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
CVE-2026-26973
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
Discourse security vulnerability
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...