CVE-2026-28276 Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

n8n has an Authentication Bypass in its Chat Trigger Node

Impact When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. - This issue requires the Chat Trigger node to be configured with n8n User Auth authentication non-default. Patches The issue has been fixed in n8n versions 2.10.1,...

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVE-2026-28219

Product/Component: Discourse open source platform. Vulnerability: Improper authorization check in topic management lets authenticated users alter privileged topic attributes via PUT/POST, elevating a topic’s status to a site-wide notice or banner. Affected versions: before 2025.12.2, 2026.1.1, an...

EUVD-2026-8900

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVE-2026-26979

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

CVE-2026-27162

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

CVE-2026-27149

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering listprivatemessagestag allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and...

CVE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

EUVD-2026-8857

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

EUVD-2026-8856

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...

CVE-2026-23999

CVE-2026-23999 affects Fleet open source device management before version 4.80.1. The vulnerability stems from a predictable 6‑digit PIN (device lock/wipe) derived from the current Unix timestamp without secret entropy, allowing an attacker with physical access and knowledge of approximate lock t...

CVE-2026-23999 Fleet: Device lock PIN can be predicted if lock time is known

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

AZL-78356 CVE-2026-27965 affecting package vitess 19.0.4-7

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

EUVD-2026-8830

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

UBUNTU-CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

CVE-2026-27831

CVE-2026-27831 affects the open-source DNS server rldns . Affected: version 2.3 has a heap-based out-of-bounds read that leads to a denial of service; version 1.4 includes a patch. The vulnerability stems from a heap-out-of-bounds condition that can crash the service. No exploitation details are ...

EUVD-2026-8784

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in src/filters/dmxnhml.c. The value of the xmlHeaderEnd XML attribute is copied from att-value into szXmlHeaderEnd1000 using strcpy without any length...