Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/03/20 2:59 a.m.23 views

CVE-2026-30889 Discourse has Unauthorized Post Data Exposure in discourse-user-notes

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 10:16 a.m.7 views

CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

7.5CVSS0.00331EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-59236

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00388EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-59098

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00375EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.5 views

CVE-2023-6897

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00375EPSS
Exploits0References1
Rows per page
Query Builder