EUVD-2026-8890

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

CVE-2026-27849

creationtimestamp| type| source ---|---|--- 2026-02-26 18:22:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfrsubx4wo25 2026-02-26 18:22:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfrsumlpoo2s...

WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin List category posts versions = 0.93.1...

CVE-2026-26207

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

CVE-2026-26207

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

CVE-2026-2797

creationtimestamp| type| source ---|---|--- 2026-02-26 09:35:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqvfkxpra2u 2026-02-26 09:35:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqvgi44px2s 2026-02-26 11:34:00+00:00| seen|...

CVE-2026-27635

creationtimestamp| type| source ---|---|--- 2026-02-26 06:59:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqmo6hs4r2x 2026-02-26 06:59:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqmp5efp22s 2026-02-28 04:40:09+00:00| seen|...

CVE-2026-25191

creationtimestamp| type| source ---|---|--- 2026-02-26 05:00:00+00:00| seen| https://jvn.jp/en/jp/JVN48498976/ 2026-02-26 06:22:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqkm3ics626 2026-02-26 07:13:23+00:00| seen|...

CVE-2026-27952

creationtimestamp| type| source ---|---|--- 2026-02-26 04:57:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfqfur7f4s2v 2026-02-26 05:16:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqgwun6mm2s 2026-03-02 21:00:15+00:00| seen|...

CVE-2026-27969

creationtimestamp| type| source ---|---|--- 2026-02-26 04:30:35+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mfqeehtgzj22 2026-02-26 05:17:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfqgykykey2u 2026-02-27 16:40:11+00:00| seen|...

CVE-2026-27961

creationtimestamp| type| source ---|---|--- 2026-02-26 04:24:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqe2bychd2t 2026-02-26 05:02:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfqg5pn7fb2e 2026-03-02 20:40:10+00:00| seen|...

PT-2026-22154

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the...

PT-2026-22188

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had an issue where the posts nearby function was not properly filtering...

PT-2026-22194

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, contains a flaw where a user's full name can be interpreted as raw HTML...

PT-2026-22186

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had an issue where the move posts action did not properly validate write...

CVE-2025-69985

creationtimestamp| type| source ---|---|--- 2026-02-25 20:06:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpi6yvfbv2h 2026-02-25 20:07:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpib4lrfh2v 2026-03-24 17:00:40+00:00|...

CVE-2026-24890

creationtimestamp| type| source ---|---|--- 2026-02-25 19:57:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfphok42qj2n 2026-02-25 19:57:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfphpkqtzo2s 2026-02-25 20:00:16+00:00| seen|...

CVE-2026-27706

creationtimestamp| type| source ---|---|--- 2026-02-25 17:40:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfp7zm72fb2c 2026-02-25 17:40:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpa2ehrcy26 2026-03-01 00:00:17+00:00| seen|...