16 matches found
EUVD-2026-36580
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
WordPress plugin Broadstreet security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2026-18825
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
EUVD-2026-14942
Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users...
Missing Authorization
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the assets/image-editor endpoint. An attacker can access private editor metadata, including focalPoint, for assets they are not authorized to view by supplying the I...
BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
CVE-2026-0602
GitLab CE/EE contains a vulnerability (CVE-2026-0602) where an authenticated user could disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process. Affected versions are 15.6 up to but not including 18.7.6, 18.7....
CVE-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
CVE-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
PT-2026-24711
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
Discourse SQL injection vulnerability
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 have a SQL injection vulnerability. This vulnerability stems...
EUVD-2017-7948
Malware in sbrugna...
CVE-2025-7499
The CVE-2025-7499 entry concerns the BetterDocs plugin for WordPress, with a missing capability check in the get_response function present in all versions up to 4.1.1. This allows unauthenticated attackers to access passwords for password-protected documents and metadata of private/draft document...
CVE-2023-3892
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this docume...
PT-2023-20324 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0.beta2 through the version prior to the latest beta and tests-passed versions Description: The issue concerns the exposure of private tags in metadata on Discourse, an open-source platform for community discussions. Th...
CVE-2017-16769
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode...