973 matches found
CVE-2023-34250
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created but not the actual content thereof in...
CVE-2023-32301
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...
CVE-2023-30611
Discourse-reactions is a plugin that allows users to add their reactions to posts in the Discourse messaging platform. In affected versions, data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...
CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
CVE-2023-1083
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
CVE-2022-48217
The tfremappernode component 1.1.1 for Robot Operating System (ROS) allows attackers who control the source code of a different node in the same ROS application to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled oldtftopicname and/or newtftopicname...
CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users who can create topics in TOC-enabled categories and have a sufficient trust level (configured in the component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
CVE-2020-14194
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link...
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, if an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
CVE-2014-8293
Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMGsignintopic parameter to index.php...
CVE-2025-27804
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions...
CVE-2025-27804
CVE-2025-27804 affects eCharge Hardy Barth cPH2 and cPP2 charging stations. The vulnerability stems from multiple OS command injections in the device firmware, specifically via the /var/salia/mqtt.php script. When a specially crafted MQTT message is published to a certain topic, arbitrary OS comm...
PT-2025-22332
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There are several OS command injection vulnerabilities in the device firmware, specifically in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic...
CVE-2025-4311
A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/updatemaintopicimg.php?topicid=529. The manipulation of the argument stopicid leads to sql injection. The attack can be initiated remotely. Th...
CVE-2025-4310
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/addtopic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely...
CVE-2025-4310 itsourcecode Content Management System add_topic.php unrestricted upload
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/addtopic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely...
itsourcecode Content Management System security vulnerability
itsourcecode Content Management System is a content management system of itsourcecode open source. A security vulnerability exists in version 1.0 of itsourcecode Content Management System, which originates from improper manipulation of the parameter stopicid in the file...
itsourcecode Content Management System security vulnerability
itsourcecode Content Management System is an open source content management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Content Management System, which originates from an improper operation of the parameter Cover Image in the file /admin/addtopic.php,...