377 matches found
CVE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...
CVE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...
CVE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...
PT-2026-26542
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. An authorization bypass in the poll plugin allowed authenticat...
CVE-2026-32816
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...
Malicious Package
Overview xc-input-toggle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1316 Malicious code in xc-input-toggle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...
Malicious code in xc-input-toggle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...
CVE-2026-23694
Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...
CVE-2026-23694 Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions
Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...
WordPress Ganohrs Toggle Shortcode plugin <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ganohrs Toggle Shortcode versions = 0.2.4...
CLSA-2026-1769775296 nodejs: Fix of 3 CVEs
CVE-2025-59465: add default error handler to TLSSocket to prevent server crash when connection is abruptly destroyed during initialization - CVE-2025-59466: fix stack overflow exception handling in asynchooks to allow catching with try-catch instead of requiring uncaughtException handlers -...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ToggleUserOpenIDVisibility function. An authenticated attacker can modify the visibility settings of other users' OpenID identities. Remediation Upgrade...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ToggleUserOpenIDVisibility function. An authenticated attacker can modify the visibility settings of other users' OpenID identities. Remediation Upgrade...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003826 advisory. A memory leak in the i2400moprfkillswtoggle function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001292)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001292 advisory. A memory leak in the i2400moprfkillswtoggle function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of...
CVE-2025-68815
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether that class was in t...
MAL-2025-191278 Malicious code in @oku-ui/toggle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d0819bf4913c5aabf31547b239ee5407c6e581d71ef7d041451c7f162314c1 The package @oku-ui/toggle was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199460
Malicious code in @oku-ui/toggle-group npm...
Malicious code in @oku-ui/toggle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d0819bf4913c5aabf31547b239ee5407c6e581d71ef7d041451c7f162314c1 The package @oku-ui/toggle was found to contain malicious code. Source: google-open-source-security...