CVE-2026-53807

creationtimestamp| type| source ---|---|--- 2026-06-14 17:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mobamt2x672p...

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

PT-2026-48948

Name of the Vulnerable Software and Affected Versions Camaleon CMS version 2.9.2 Description Improper authorization in the administrator draft autosave endpoint allows a low-privileged authenticated user to overwrite a draft associated with another user's post. This is achieved by sending an...

CVE-2026-10733

creationtimestamp| type| source ---|---|--- 2026-06-11 12:45:12+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxmissr2y 2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260612...

CVE-2026-41862

creationtimestamp| type| source ---|---|--- 2026-06-11 12:40:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaoi3n5f2d...

CVE-2026-0267

creationtimestamp| type| source ---|---|--- 2026-06-10 19:03:23+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mnxfmwtg2m2k 2026-06-10 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1917 2026-06-10 22:58:09+00:00| seen|...

CVE-2026-5961

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVE-2026-50258

creationtimestamp| type| source ---|---|--- 2026-06-05 13:33:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnkatubr7y2v 2026-06-06 02:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlkmlszlr2l 2026-06-06 18:17:27+00:00| seen|...

CVE-2026-10155

creationtimestamp| type| source ---|---|--- 2026-05-31 01:14:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn4fb2pxi327...

CVE-2025-41279

creationtimestamp| type| source ---|---|--- 2026-05-29 13:20:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmymuebmrv27...

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-14481 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2026-44790

creationtimestamp| type| source ---|---|--- 2026-05-20 00:16:19+00:00| seen| https://bsky.app/profile/securitylab-jp.bsky.social/post/3mmamu5rnds2m...

CVE-2026-8578

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260515 2026-05-14 21:37:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mltrmr5sjx2q 2026-05-17 18:00:00+00:00| seen|...

CVE-2026-1460

creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:58+00:00| seen| https://bsky.app/profile/ctsd-gmbh.bsky.social/post/3mlnkxp5i4e2q...

CVE-2026-7050

creationtimestamp| type| source ---|---|--- 2026-05-12 08:33:15+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlnevhmsnt2c 2026-05-13 01:32:24+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mlp5ttfegh2s...

CVE-2026-8289

creationtimestamp| type| source ---|---|--- 2026-05-11 14:55:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlljryfwx42e...

EUVD-2022-55979

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...