6107 matches found
CVE-2026-33506
creationtimestamp| type| source
---|---|---
2026-03-26 20:54:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyifeaw6m27
2026-03-26 21:20:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyjugwtbq2r
2026-03-26 21:36:49+00:00| seen|...
CVE-2026-33491
creationtimestamp| type| source
---|---|---
2026-03-26 20:44:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyhthdl3k2n
2026-03-26 21:20:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyjuo5la327
2026-03-26 21:36:40+00:00| seen|...
CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...
CVE-2026-32419
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
CVE-2026-32565
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...
CVE-2026-1217
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-33355
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33428
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...
CVE-2026-33411
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...
CVE-2026-2121
The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2026-4066
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2026-34005
creationtimestamp| type| source
---|---|---
2026-03-26 15:00:04+00:00| seen| https://t.me/GithubRedTeam/77352
2026-03-26 21:00:04+00:00| published-proof-of-concept| Telegram/EErZ2DHOfxeZ1Fjlnav1XzXAT9awV59GDGk5YYfJrqej7U
2026-03-29 17:18:36+00:00| seen|...
CVE-2026-22323
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...
CVE-2026-4840
creationtimestamp| type| source
---|---|---
2026-03-26 04:16:40+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4840
2026-03-26 05:18:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwu3eol3e2t
2026-03-26 06:00:32+00:00| seen|...
CVE-2026-4484
creationtimestamp| type| source
---|---|---
2026-03-26 03:00:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwmeoazhu27
2026-03-26 03:04:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhwmmwoppr2i
2026-03-26 05:01:21+00:00| seen|...
CVE-2026-32680
creationtimestamp| type| source
---|---|---
2026-03-26 03:00:15+00:00| seen| https://jvn.jp/en/jp/JVN08057419/
2026-03-26 07:20:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhx2v47k2r2t
2026-03-26 07:30:29+00:00| seen|...
CVE-2026-4758
creationtimestamp| type| source
---|---|---
2026-03-26 01:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwfp2iqwd2s
2026-03-26 01:15:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhwgjfmkf22n...
WordPress plugin Frontend Admin by DynamiApps code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...