
18 matches found

OSV
added 2026/03/03 1:29 p.m. | 3 views

BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/28 9:47 p.m. | 2 views

CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

CVSS 5.4 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 3
Cvelist
added 2026/02/28 9:47 p.m. | 20 views

CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

CVSS 5.4 | EPSS 0.0022
Exploits: 0 | References: 3
CVE
added 2026/02/28 9:47 p.m. | 12 views

CVE-2026-28556

Affected software: wpForo Forum 2.4.14. Vulnerability: missing authorization that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form handlers. Requires a valid form nonce; attackers can reorganize arbitrary forum content...

CVSS 5.4 | AI score 6 | EPSS 0.0022
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/02/28 1:55 a.m. | 9 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/26 9:25 p.m. | 2 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/26 9:25 p.m. | 19 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | EPSS 0.00197
Exploits: 0 | References: 1
CVE
added 2026/02/26 9:25 p.m. | 21 views

CVE-2026-28219

Product/Component: Discourse open source platform. Vulnerability: Improper authorization check in topic management lets authenticated users alter privileged topic attributes via PUT/POST, elevating a topic’s status to a site-wide notice or banner. Affected versions: before 2025.12.2, 2026.1.1, an...

CVSS 5.3 | AI score 5.3 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/02/26 8:31 p.m. | 5 views

CVE-2026-26979

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

CVSS 2.7 | EPSS 0.00168
Exploits: 0 | References: 1
CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...

CVSS 5.3 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22176

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, Trust Level 4 TL4...

CVSS 2.7 | AI score 6 | EPSS 0.00168
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22196

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: An improper authorization check in the topic management logic allows authenticated users to modify privileged attribute...

CVSS 5.3 | AI score 6 | EPSS 0.00197
Exploits: 0 | References: 7
OSV
added 2024/04/02 9:30 p.m. | 0 views

GHSA-7MG2-6C6V-342R Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

CVSS 6.4 | AI score 5.8 | EPSS 0.01359
Exploits: 0 | References: 7
Cvelist
added 2024/04/02 7:24 p.m. | 19 views

CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

CVSS 6.4 | AI score 6.5 | EPSS 0.01359
Exploits: 0 | References: 3
Vulnrichment
added 2024/04/02 7:24 p.m. | 12 views

CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

CVSS 6.4 | AI score 6.5 | EPSS 0.01359
Exploits: 0 | References: 3
CNNVD
added 2021/12/21 12:0 a.m. | 1 views

Simple Forum-Discussion System SQL Injection Vulnerability

Simple Forum-Discussion System is a simple forum/discussion system. A SQL injection vulnerability exists in Simple Forum-Discussion System, originating in various components such as manage topic.php, manage user.php and ajax.php, due to a lack of validation of externally entered SQL statements. An...

CVSS 9.8 | AI score 6.1 | EPSS 0.01239
Exploits: 1 | References: 1
Tibco
added 2019/06/07 5:24 p.m. | 10 views

TIBCO Security Advisory: June 11, 2019 - Apache Kafka

Apache Kafka Vulnerable To Persistent Remote Denial Of Service Via Topic Names. Original release date: June 11, 2019. Last revised: ---. Source: TIBCO Software Inc. ...

AI score 7
Exploits: 0 | Affected Software: 3
CNVD
added 2018/04/09 12:0 a.m. | 1 views

Cross-site scripting vulnerability in DedeCMS V5.7 SP2 official system "Topic Management".

The Dream Weaving content management system (DedeCMS) is a PHP open source website management system. A cross-site scripting vulnerability exists in the "Topic Management" section of DedeCMS V5.7 SP2. Attackers can insert malicious JS code in the page to obtain user cookies and other information,...

AI score 6.4
Exploits: 0