9 matches found

Cvelist
added 2026/06/12 8:22 p.m. | 27 views

CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

CVSS 7.5 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2026/06/12 8:22 p.m. | 19 views

CVE-2026-44786

CVE-2026-44786 affects Discourse: versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 allow chat events from public category channels to be published to MessageBus without proper permission scoping, enabling any MessageBus subscr...

CVSS 7.5 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/12 4:16 p.m. | 9 views

CVE-2026-45831

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to, allowing users to perform cross-tenant actions...

CVSS 8.8 | EPSS 0.00237
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/05 12:0 a.m. | 9 views

PT-2026-46999

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: A user in one workspace can exercise another workspace's integration by supplying its ID to the 'testConnection' endpoint. This occurs because the integration is fetched in a bypass scope, and the...

CVSS 6.9 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 5

RedHat Linux
added 2024/12/16 6:56 p.m. | 3 views

automation-gateway: aap-gateway: Improper Scope Handling in OAuth2 Tokens for AAP 2.5

A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

CVSS 5 | AI score 5.8 | EPSS 0.0051
Exploits: 0 | References: 5

CNNVD
added 2024/04/18 12:0 a.m. | 4 views

Tolgee security vulnerability

Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions prior to v3.57.2, which stems from a failure to properly...

CVSS 4.3 | AI score 6.6 | EPSS 0.0036
Exploits: 0 | References: 3

Positive Technologies
added 2024/02/13 12:0 a.m. | 4 views

PT-2024-20761 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS; TYPO3 versions prior to 9.5.46 ELTS; TYPO3 versions prior to 10.4.43 ELTS; TYPO3 versions prior to 11.5.35 LTS; TYPO3 versions prior to 12.4.11 LTS; TYPO3 versions prior to 13.0.1. Description: The TYPO3-specifi...

CVSS 4.3 | AI score 7.2 | EPSS 0.00548
Exploits: 0 | References: 14

NVD
added 2023/07/27 7:15 p.m. | 24 views

CVE-2023-38510

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

CVSS 8.1 | AI score 7.8 | EPSS 0.00486
Exploits: 0 | References: 4

RedHat Linux
added 2015/09/03 4:6 p.m. | 1 views

chromium-browser: Permission scoping error in WebRequest

The WebRequest API implementation in extensions/browser/api/webrequest/webrequestapi.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2)...

CVSS 7.5 | AI score 7.4 | EPSS 0.0224
Exploits: 0 | References: 5