17 matches found
CVE-2026-2404
A CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log entries when an attacker alters the POST /jsecurity check request payload...
BIT-DISCOURSE-2026-27162 Discourse doesn't prevent whispers to leak in excerpts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...
CVE-2026-27162 Discourse doesn't prevent whispers to leak in excerpts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...
CVE-2016-10790
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192)...
EUVD-2024-48961
Malicious code in bioql PyPI...
CVE-2023-5331
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...
CVE-2021-32788
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that create a whisper post in a personal message are revealed to non-staff participants of the personal...
CVE-2024-30146
creationtimestamp | type | source
---|---|---
2025-04-30 22:14:15+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/14181
2025-05-01 01:56:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f5cvze2p
2025-05-01 02:17:30+00:00 | seen | https://t.me/cvedetector/24171...
CVE-2025-24909
creationtimestamp | type | source
---|---|---
2025-04-16 22:57:40+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12161
2025-04-17 02:06:23+00:00 | seen | https://t.me/cvedetector/23189
2025-04-17 02:48:33+00:00 | seen |...
CVE-2025-39522 WordPress Dynamic Post <= 4.10 - Settings Change Vulnerability
Missing Authorization vulnerability in Sebastian Lee Dynamic Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through 4.10...
CVE-2025-39522 WordPress Dynamic Post plugin <= 5.03 - Settings Change vulnerability
Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through = 5.03...
CVE-2025-21133
creationtimestamp | type | source
---|---|---
2025-01-14 19:09:35+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1567
2025-01-14 19:16:43+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpxnfr4zu2r
2025-01-14 20:42:12+00:00 | seen | https://t.me/cvedetector/15337...
CVE-2024-3261 Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific...
GoToWP <= 5.1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC registermeeting type='"...
Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
The plugin does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure...
CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that create a whisper post in a personal message are revealed to non-staff participants of the personal...
CVE-2015-4552
CVE-2015-4552 describes an XSS vulnerability in the MyBB (MyBulletinBoard) quick edit feature (xmlhttp.php) prior to version 1.8.5. The issue allows remote attackers to inject arbitrary web script or HTML via the content of a post. The NVD entry lists affected software as MyBB before 1.8.5, wit...