CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
CVE-2026-22640
CVE-2026-22640 describes an access control vulnerability in Grafana OSS where an Organization administrator can permanently delete the Server administrator account via the DELETE /api/org/users/ endpoint. The attack requires an existing Organization administrator and either a Server administrator...
WordPress plugin Tutor LMS – eLearning and online course solution security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
The plugin does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries&action=trash&entry=2 Since entry permanent deletion:...