5 matches found
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49186
CVE-2026-49186 affects local MQTT brokers where topic-level ACLs are not enforced. This permits any client to subscribe with wildcard topics (# or +) to enumerate hidden devices or publish rogue control commands, enabling potential information disclosure and unauthorized actions. The provided doc...
CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
BIT-DISCOURSE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...