44 matches found
BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...
CVE-2026-32244
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
EUVD-2026-30815
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
CVE-2026-32244
Discourse: Cached outdated AI summaries can leak removed content to anonymous/unprivileged users who cannot regenerate summaries. Affected in versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest. Fixed in those versions. Remediation: upgrade to 2026.1.4, 2026.3.1, 2026.4.1, or 2026....
CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
@bodonkey/charting-extension (>=1.0.0 <=1.1.0), @draadnl/openstad-cms (>=0.12.2 <=0.12.3) +7 more potentially affected by CVE-2026-45012 via apostrophe (>=0.5.393 <=4.29.0)
apostrophe NPM version =0.5.393, =1.0.0, =0.12.2, =0.0.1, =0.0.1, =2.0.0, =0.5.0, =1.0.0, =1.0.2 - tfp-procrea =1.0.0 Source cves: CVE-2026-45012 Source advisory: OSV:GHSA-PR28-MF3Q-QPG6...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-33888 via apostrophe (>=0.5.393 <=2.227.12)
apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-33888 Source advisory: OSV:GHSA-XHQ9-58FW-859P...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114
Discourse (open‑source discussion platform) contains an Insecure Direct Object Reference (IDOR) vulnerability. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, any authenticated user can access metadata about AI personas, features, and LLM models by supplying their identifiers. This m...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2025-68660
Affected product/versions: Discourse prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Vulnerability: An endpoint allows any authenticated user to bypass the ai_discover_persona access controls and gain ongoing DM access to personas, potentially wired to staff-only categories, RAG documents, or...
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
EUVD-2024-20814
Malicious code in bioql PyPI...
The AI chatbot cop squad is here (Lock and Code S06E09)
This week on the Lock and Code podcast … “Heidi” is a 36-year-old, San Francisco-born, divorced activist who is lonely, outspoken, and active on social media. “Jason” is a shy, bilingual teenager whose parents immigrated from Ecuador who likes anime, gaming, comic books, and hiking. Neither of th...
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Artificial intelligence AI company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used i...
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation
The U.S. Department of Justice DoJ said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI...
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
CVE-2024-2178 Path Traversal Vulnerability in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...