6096 matches found
CVE-2026-7059 666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...
CVE-2026-9135
creationtimestamp | type | source
---|---|---
2026-04-26 15:13:52+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mkftsxttik2h
2026-04-26 15:13:52+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mkftsw4gzs2h...
MiroFish Path Traversal Vulnerability
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a path traversal vulnerability. This vulnerability stems from improper handling of the Platform parameter in the...
PT-2026-35238
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...
CVE-2026-33317
creationtimestamp | type | source
---|---|---
2026-04-24 03:56:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7n2d676i2w
2026-04-24 03:56:43+00:00 | seen | https://bsky.app/profile/potato.software/post/3mk7n2e3ejh25
2026-04-24 03:57:24+00:00 | seen | ...
PT-2026-37169
Name of the Vulnerable Software and Affected Versions: Lemmy versions prior to 0.19.18
Description: An authenticated low-privileged user can trigger server-side HTTP requests toward internal services. This occurs when a user creates a link post in a public community via the "POST /api/v3/post"...
CVE-2026-41353
creationtimestamp | type | source
---|---|---
2026-04-23 22:25:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk72koj46b2w
2026-04-23 22:26:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk72mlk4ff2g
2026-04-23 23:27:23+00:00 | seen | ...
CVE-2026-33318
creationtimestamp | type | source
---|---|---
2026-04-23 20:22:56+00:00 | published-proof-of-concept | https://github.com/actualbudget/actual/security/advisories/GHSA-prp4-2f49-fcgp
2026-04-24 03:56:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7n2kb7sz2z
2026-04-24...
CVE-2026-42606
creationtimestamp | type | source
---|---|---
2026-04-23 19:37:18+00:00 | published-proof-of-concept | https://github.com/AzuraCast/AzuraCast/security/advisories/GHSA-gv7r-3mr9-h5x8
2026-05-09 21:00:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5aco5sj2e
2026-05-09...
Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wp_ajax_nopriv_alm_get_posts allows unauthenticated users to access non-public posts (draft, private, pending, future, tras...
CVE-2026-41196
creationtimestamp | type | source
---|---|---
2026-04-23 05:18:40+00:00 | seen | Telegram/x9tyUe3u3o8RRyRxn4MyOTn6X2M4g6ykuZunUy8vPfx8ng
2026-04-23 06:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116452493196424144
2026-04-23 06:00:35+00:00 | seen | ...
CVE-2026-41243
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-41243
The OpenLearn project has a vulnerability, CVE-2026-41243: prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...
EUVD-2026-25164
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
Openlearn Access Control Error Vulnerability
Openlearn is an open-source learning forum tool developed by Siemvk individuals. Openlearn has an access control vulnerability: when safeMode is enabled, forum posts that have not been reviewed can still be returned with their complete content through the direct post reading...
PT-2026-34605
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
EUVD-2026-22828
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...