109 matches found
CVE-2026-12408
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
CVE-2026-12408
The CVE-2026-12408 entry concerns the WordPress plugin Slim SEO (versions up to and including 4.9.8). The vulnerability arises from the REST endpoint /wp-json/slim-seo/meta-tags/ai: the permission_callback only checks a top-level edit_posts capability and does not verify that the requester can re...
AI and Liability
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are...
CVE-2026-32244
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...
CVE-2026-32244
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
CVE-2026-32244
Discourse: Cached outdated AI summaries can leak removed content to anonymous/unprivileged users who cannot regenerate summaries. Affected in versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest. Fixed in those versions. Remediation: upgrade to 2026.1.4, 2026.3.1, 2026.4.1, or 2026....
CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
EUVD-2026-30815
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
CVE-2026-32244
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
PT-2026-41758
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description Outdated cached AI summaries can leak removed content to anonymous and...
Discourse 信息泄露漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain information leakage vulnerabilitie...
GHSA-97R8-RF7Q-WMJW Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML
Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...
PT-2026-40841
Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...
CVE-2026-43864
A flaw was found in mutt. This vulnerability, a null pointer dereference in the showsigsummary function, could allow an attacker to cause a denial of service. This occurs when processing specially crafted input related to signature summaries. Mitigation Mitigation for this issue is either not...
GHSA-95Q8-X6R6-672M Lemmy may expose private community data through community, saved, liked, and modlog API views
NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...
summary-awi-poc
summary-awi-poc Public proof-of-concept repository for valida...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...
CVE-2025-67475 Stored XSS through edit summaries in MW Core
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...