CVE-2026-28227
CVE-2026-28227 affects Discourse. Before versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users could publish topics into staff-only categories via the publish_to_category timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 contain patches. No known workarounds are pr...
CVE-2025-12173 WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation
The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...
EUVD-2009-2553
Malware in sbrugna...
EUVD-2015-7160
Malware in sbrugna...
EUVD-2002-0008
Malware in sbrugna...
EUVD-2023-34242
Malicious code in bioql PyPI...
PT-2025-34707 · Unknown · Scratch Channel
Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions 1 and 1.1 Description: The Scratch Channel, a news website, is susceptible to unauthorized article posting. A POST request to the article publishing endpoint allows posting articles in any category with any date,...
CVE-2024-30617
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge...
WordPress plugin HurryTimer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Recent assessments: Assessed Attacker Value: 0 Assesse...
Facebook worries: I didn’t post that
It is my assumption that most Facebook users don't look at their own profile often. By your own profile, I mean the timeline that shows up when you click your own name or avatar in the Facebook menu. That's because we think we know exactly what is posted there, so why bother to look at it? Afte...
X (Formerly Twitter): CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
Hi, 1. Go to twitterflightschool.com and start intercepting every request. 2. No CSRF tokens are present in the requests. 3. Even in account settings there are no CSRF tokens. Attacker could post on twitter timeline of user https://twitterflightschool.com/module/twitter-for-executives/chapter/final T...
[Responsible disclosure] Hacking Facebook.com/thanks Posting on behalf of your friends!
Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Facebook recently introduced "Say Thanks", an experience that lets Facebook users create personalized video cards for their Facebook friends. To create a Thanks...
CVE-2013-5157
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions...
CVE-2002-0008
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi...