BIT-DISCOURSE-2026-28282 Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin
Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...
CVE-2026-28282
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...
EUVD-2026-13243
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...
CVE-2026-28282 Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...
CVE-2026-28282
Discourse security advisory: A vulnerability in the discourse-policy plugin allows a user with policy creation permission to gain membership in private/restricted groups. Affected versions are prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Exploitation would let the user read private topics ...
WordPress Himer theme < 2.1.1 - Subscriber+ Private Group Joining via IDOR vulnerability
Subscriber+ Private Group Joining via IDOR vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
CVE-2024-2232
The lacks CSRF checks allowing a user to invite any user to any group including private groups...
CVE-2024-2040
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
UBUNTU-CVE-2025-62400
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...
CVE-2025-62400
Moodle (CMS) is affected by CVE-2025-62400: hidden-group names can be exposed to users who can create calendar events but cannot view hidden groups, risking disclosure of private/restricted group information. Connected advisories indicate Fedora NSS/Nessus entries reference this CVE and note vuln...
EUVD-2021-26261
Malware in sbrugna...
EUVD-2019-16547
Malware in sbrugna...
EUVD-2021-26240
Malware in sbrugna...
EUVD-2025-16482
Malicious code in bioql PyPI...
EUVD-2022-45044
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-39876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. CVE-2021-39876 Note that...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39884
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project...