Lucene search
K

31 matches found

Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability

Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Academy LMS versions = 3.8.1...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/07 8:43 a.m.5 views

BIT-DISCOURSE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic, including voting and toggling poll status. No...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 5:40 p.m.28 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS0.0016EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:40 p.m.20 views

CVE-2026-32619

Discourse vulnerability CVE-2026-32619 affects the poll feature when a user loses access to a topic in private categories. Versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 allow such users to interact with polls (vote and togg...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Discourse 授权问题漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2026/03/19 10:16 p.m.8 views

CVE-2026-28282

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...

6.5CVSS0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.10 views

PT-2026-26371

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

6.9CVSS5.9AI score0.0027EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.12 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These vulnerabilities stem from...

6.5CVSS5.8AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.12 views

PT-2026-26378

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. A security flaw exists within the discourse-policy plugin that...

6.5CVSS5.8AI score0.00332EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.9 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/01 12:30 a.m.3 views

EUVD-2026-9108

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References4
NVD
NVD
added 2026/02/28 10:16 p.m.8 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS0.00337EPSS
Exploits0References3
OSV
OSV
added 2026/02/28 10:16 p.m.3 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

5.3CVSS5.8AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/28 9:47 p.m.27 views

CVE-2026-28559 wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/28 9:47 p.m.3 views

CVE-2026-28559 wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/28 9:47 p.m.3 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/28 9:47 p.m.22 views

CVE-2026-28559

wpForo Forum 2.4.14 has an information disclosure flaw in the global RSS feed endpoint that allows unauthenticated access to private and unapproved topics. Requesting the RSS feed without a forum ID bypasses privacy and status filters that are applied when a specific forum ID is present, exposing...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/28 12:0 a.m.11 views

PT-2026-22480

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains an information disclosure issue that allows unauthenticated users to retrieve private and unapproved forum topics. This is possible through the global RSS feed endpoint. When...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References6
OSV
OSV
added 2026/01/31 8:42 a.m.4 views

BIT-DISCOURSE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

7.5CVSS5.9AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.6 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

7.5CVSS5.9AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder