
6180 matches found

Circl
added 2026/02/28 12:56 a.m. | 2 views

CVE-2026-28409

creationtimestamp | type | source
---|---|---
2026-02-28 00:56:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfuzcrimck2u
2026-02-28 01:30:31+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116145666777961188
2026-02-28 01:30:32+00:00 | seen | ...

CVSS 10 | AI score 5.3 | EPSS 0.03315
Exploits 1 | References 6
Circl
added 2026/02/27 11:24 p.m. | 3 views

CVE-2026-3255

creationtimestamp | type | source
---|---|---
2026-02-27 23:24:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfuu7hwlqs2x
2026-02-27 23:30:45+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mfuuk6yvv62a...

CVSS 6.5 | AI score 5.3 | EPSS 0.00418
Exploits 0 | References 2
RedhatCVE
added 2026/02/27 7:45 p.m. | 5 views

CVE-2026-26207

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

CVSS 5.4 | AI score 6 | EPSS 0.00151
Exploits 0 | References 1
Circl
added 2026/02/27 1:31 p.m. | 3 views

CVE-2025-11251

creationtimestamp | type | source
---|---|---
2026-02-27 13:31:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mftt2i2t3x2n
2026-02-27 13:38:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mftthya3zh27
2026-02-27 18:00:15+00:00 | seen | ...

CVSS 9.8 | AI score 5.3 | EPSS 0.00395
Exploits 0 | References 4
Circl
added 2026/02/27 8:18 a.m. | 4 views

CVE-2026-0980

creationtimestamp | type | source
---|---|---
2026-02-27 08:18:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mftbk4vnqy2u
2026-02-27 08:18:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mftbkhgxec2v
2026-02-27 10:03:14+00:00 | seen | ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00771
Exploits 0 | References 4
Circl
added 2026/02/27 6:00 a.m. | 4 views

CVE-2026-3301

creationtimestamp | type | source
---|---|---
2026-02-27 06:00:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mfszu67jax2m
2026-02-27 06:19:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mft2vd6lmq2s
2026-02-27 07:03:30+00:00 | seen | ...

CVSS 10 | AI score 7.8 | EPSS 0.04028
Exploits 1 | References 4
Circl
added 2026/02/27 4:24 a.m. | 5 views

CVE-2026-28364

creationtimestamp | type | source
---|---|---
2026-02-27 04:24:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfsuj76ohg2x
2026-02-27 04:25:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfsuk4rdbu26
2026-02-27 05:35:23+00:00 | seen | ...

CVSS 7.9 | AI score 5.3 | EPSS 0.00182
Exploits 0 | References 5
Circl
added 2026/02/27 4:24 a.m. | 2 views

CVE-2026-28363

creationtimestamp | type | source
---|---|---
2026-02-27 04:24:46+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfsuixv7xg25
2026-02-27 04:25:16+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfsujvdclc2u
2026-02-27 05:31:06+00:00 | seen | ...

CVSS 9.9 | AI score 5.3 | EPSS 0.00495
Exploits 0 | References 5
Github Security Blog
added 2026/02/26 10:47 p.m. | 10 views

n8n has Webhook Forgery on Zendesk Trigger Node

Impact: An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...

AI score 5.6
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/02/26 9:28 p.m. | 4 views

CVE-2026-27162

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

CVSS 7.1 | EPSS 0.00227
Exploits 0 | References 1
NVD
added 2026/02/26 9:28 p.m. | 5 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVSS 5.3 | EPSS 0.00154
Exploits 0 | References 1
ATTACKERKB
added 2026/02/26 9:20 p.m. | 1 view

CVE-2026-27154

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: display_name_on_posts = true; and prioritize_username_in_ux = false. Editing a post of a malicious user would trigger ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00166
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/02/26 9:20 p.m. | 3 views

CVE-2026-27154 Discourse has XSS when editing a malicious post

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: display_name_on_posts = true; and prioritize_username_in_ux = false. Editing a post of a malicious user would trigger ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00166
Exploits 0 | References 1
CVE
added 2026/02/26 9:20 p.m. | 7 views

CVE-2026-27154

Discourse contains an XSS flaw in which a user’s full name can be evaluated as raw HTML when display_name_on_posts is true and prioritize_username_in_ux is false. The issue occurs when editing a post by a malicious user, potentially triggering XSS. Affected versions include prior to 2025.12.2, 20...

CVSS 6.1 | AI score 5.4 | EPSS 0.00166
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/02/26 7:58 p.m. | 0 views

CVE-2026-27162

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

CVSS 7.1 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/02/26 7:58 p.m. | 2 views

EUVD-2026-8892

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

CVSS 7.1 | AI score 5.4 | EPSS 0.00227
Exploits 0 | References 1
ATTACKERKB
added 2026/02/26 7:57 p.m. | 5 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVSS 5.3 | AI score 5.8 | EPSS 0.00154
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/02/26 7:57 p.m. | 2 views

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVSS 5.3 | AI score 5.9 | EPSS 0.00154
Exploits 0 | References 1
Cvelist
added 2026/02/26 7:57 p.m. | 22 views

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVSS 5.3 | EPSS 0.00154
Exploits 0 | References 1
CVE
added 2026/02/26 7:57 p.m. | 10 views

CVE-2026-27151

Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 had a validation flaw where move_posts checked only source topic write permissions and did not validate destination topic permissions, allowing TL4 users and category moderators to move posts into topics in categories with read-only or...

CVSS 5.3 | AI score 5.4 | EPSS 0.00154
Exploits 0 | References 1 | Affected Software 1