6150 matches found
CVE-2026-44783
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...
Malicious code in claudechor (npm)
Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...
CVE-2026-44783
Product/Component: Discourse (open-source discussion platform). Issue: A flaw in how replies to whispers are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic’s staff-only whisper channel. The injected content is visible to whisperer...
CVE-2026-44780
Summary of CVE-2026-44780 (Discourse): The flaw arises in the ReviewableQueuedPostSerializer where, for posts arriving via incoming email, payload["raw_email"] was unconditionally included. This allowed category moderation group members in the review queue to access the full inbound email conten...
CVE-2026-44780 Discourse: Category queue reviewers can read raw incoming emails from queued posts
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via incoming email...
CVE-2026-50087

creationtimestamp | type | source
---|---|---
2026-06-12 17:02:46+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo47t2lp3b2b
2026-06-12 17:41:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4bynt77r2u...

CVE-2026-50085

creationtimestamp | type | source
---|---|---
2026-06-12 17:02:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo47sletpy2c
2026-06-12 17:52:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4cmenjg423...

CVE-2026-6211

creationtimestamp | type | source
---|---|---
2026-06-12 16:00:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44dscrod2p
2026-06-12 17:51:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4ckkzzfi2p...

CVE-2026-44892

creationtimestamp | type | source
---|---|---
2026-06-12 06:00:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo32tbuo3h2n
2026-06-12 07:41:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo3aic2bcn23...

CVE-2026-48610

creationtimestamp | type | source
---|---|---
2026-06-12 05:46:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo3224idol25
2026-06-12 08:01:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo3bkccbxg2a
2026-06-12 12:02:06+00:00 | seen | ...

CVE-2026-47367

creationtimestamp | type | source
---|---|---
2026-06-12 05:00:34+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2xhmx67l26
2026-06-12 05:51:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo32d2wc762j...

CVE-2026-48611

creationtimestamp | type | source
---|---|---
2026-06-12 05:00:25+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2xhfwjef24
2026-06-12 05:36:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo2zi7lj7g2b
2026-06-12 18:51:21+00:00 | seen | ...

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
CVE-2026-44249

creationtimestamp | type | source
---|---|---
2026-06-12 01:00:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2k2h43or2t
2026-06-12 01:44:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo2mj5sag22j...

CVE-2026-7870

creationtimestamp | type | source
---|---|---
2026-06-11 17:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzpah4ouw24
2026-06-11 17:23:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnzqidw2kl24...

Exploit for CVE-2026-7665
CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...
CVE-2026-8613
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-41856

creationtimestamp | type | source
---|---|---
2026-06-11 08:00:59+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnyr3dgend2x
2026-06-11 09:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116730653982449979
2026-06-11 09:00:29+00:00 | seen | ...

CVE-2026-41700

creationtimestamp | type | source
---|---|---
2026-06-11 08:00:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnyr33x2kg26
2026-06-11 09:51:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnyxbciz3y2d
2026-06-12 15:07:07+00:00 | seen | ...