Lucene search
K

3866 matches found

Vulnrichment
Vulnrichment
added 2026/01/28 7:17 p.m.3 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:17 p.m.4 views

CVE-2025-68933

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/28 7:17 p.m.5 views

EUVD-2025-206428

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 7:17 p.m.8 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5212

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Non-admin moderators can view...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.6 views

PT-2026-5192

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Non-admin moderators with the...

6.9CVSS5.2AI score0.00135EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.5 views

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1.0. These...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/01/27 11:55 a.m.42 views

A WhatsApp bug lets malicious media files spread through group chats

WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from “trusted default messenger” to a grudgingly necessary Meta product. Privacy-aware users still see WhatsApp as one of the...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.6 views

PT-2026-4993

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References4
OSV
OSV
added 2026/01/27 12:0 a.m.1 views

UBUNTU-CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS6.8AI score0.00403EPSS
Exploits1References3
OSV
OSV
added 2026/01/25 3:15 p.m.5 views

UBUNTU-CVE-2026-23008

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.13 views

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.6 views

PT-2026-4670

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...

5.5AI score0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 9:15 a.m.5 views

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00199EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-45005)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45005 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception iss...

5.5CVSS6.7AI score0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-57895)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57895 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTRCTIME flags when setting...

5.5CVSS5.3AI score0.00202EPSS
Exploits0References2
NVD
NVD
added 2026/01/21 8:16 p.m.5 views

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/21 7:36 p.m.18 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 7:36 p.m.3 views

EUVD-2025-206320

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS5.2AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder