14 matches found
PT-2026-46001
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...
PT-2026-34605
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-2295
CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...
CVE-2025-66402 misskey.js's export data contains private post data
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...
EUVD-2016-1929
Malware in sbrugna...
EUVD-2021-19551
Malware in sbrugna...
EUVD-2024-17711
Malicious code in bioql PyPI...
CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2024-1904
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
CVE-2024-10693
The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level acces...
WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ Private/Draft Post Exposure Vulnerability
Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability
Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...
CVE-2023-7199 Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...
Flarum 访问控制错误漏洞
Flarum is an open source forum system for the Flarum community. An access control error vulnerability exists in flarum mention versions prior to 1.6.3, which stems from allowing the disclosure of all posts in the forum database, including posts awaiting approval, posts in tags to which the user...