973 matches found

OSV
added 2026/03/03 1:29 p.m. | 3 views

BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/02 1:50 a.m. | 8 views

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/02 1:50 a.m. | 4 views

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

5.4 CVSS | 6 AI score | 0.0022 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/03/01 12:30 a.m. | 3 views

EUVD-2026-9104

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/03/01 12:30 a.m. | 4 views

EUVD-2026-9105

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

5.4 CVSS | 6 AI score | 0.0022 EPSS
Exploits: 0 | References: 4
OSV
added 2026/02/28 10:16 p.m. | 2 views

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

4.3 CVSS | 5.9 AI score
Exploits: 0 | References: 3
NVD
added 2026/02/28 10:16 p.m. | 6 views

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

5.4 CVSS | 0.0022 EPSS
Exploits: 0 | References: 3
NVD
added 2026/02/28 10:16 p.m. | 3 views

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 0.00268 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/28 9:47 p.m. | 2 views

CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

5.4 CVSS | 5.9 AI score | 0.0022 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/02/28 9:47 p.m. | 20 views

CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

5.4 CVSS | 0.0022 EPSS
Exploits: 0 | References: 3
CVE
added 2026/02/28 9:47 p.m. | 11 views

CVE-2026-28556

Affected software: wpForo Forum 2.4.14. Vulnerability: missing authorization that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form handlers. Requires a valid form nonce; attackers can reorganize arbitrary forum content...

5.4 CVSS | 6 AI score | 0.0022 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/02/28 9:47 p.m. | 12 views

CVE-2026-28555

wpForo Forum 2.4.14 has a missing authorization vulnerability preventing proper access control on the wpforo_close_ajax handler. An authenticated subscriber can close or reopen any forum topic by submitting a valid nonce and an arbitrary topic ID, bypassing moderator permissions and potentially d...

5.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/28 9:47 p.m. | 18 views

CVE-2026-28555 wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 0.00268 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/28 9:47 p.m. | 3 views

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/28 9:47 p.m. | 3 views

CVE-2026-28555 wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

5.3 CVSS | 5.9 AI score | 0.00268 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/28 1:55 a.m. | 6 views

CVE-2026-28227

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publishtocategory topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

5.1 CVSS | 5.9 AI score | 0.0018 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/28 1:55 a.m. | 9 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/28 12:0 a.m. | 4 views

PT-2026-22476

Name of the Vulnerable Software and Affected Versions: wpForo Forum version 2.4.14. Description: The software contains a missing authorization flaw. Authenticated subscribers can close or reopen any forum topic through the wpforo close ajax handler. An attacker can bypass the moderator permission...

5.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/28 12:0 a.m. | 6 views

PT-2026-22477

Name of the Vulnerable Software and Affected Versions: wpForo Forum version 2.4.14. Description: An issue exists in wpForo Forum that allows authenticated subscribers to perform actions typically reserved for moderators. Specifically, attackers can move, merge, or split any forum topic using the top...

5.4 CVSS | 5.9 AI score | 0.0022 EPSS
Exploits: 0 | References: 5
GithubExploit
added 2026/02/27 6:58 a.m. | 146 views

Exploit for CVE-2023-24012

DDS Security Test This is a ROS 2 DDS security testing enviro...

8.2 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 1