24 matches found

NVD
added 6 days ago, 11 views

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

CVSS 5.1, EPSS 0.00293
Exploits: 0, References: 2

Cvelist
added 6 days ago, 16 views

CVE-2026-54219 Stored XSS in UBB.threads

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

CVSS 5.1, EPSS 0.00293
Exploits: 0, References: 2

EUVD
added 6 days ago, 8 views

EUVD-2026-37882

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

CVSS 5.1, AI score 5.3, EPSS 0.00293
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:40 p.m., 7 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4, AI score 5.6, EPSS 0.00409
Exploits: 0, References: 1

NVD
added 2026/05/13 5:16 a.m., 11 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4, EPSS 0.00409
Exploits: 0, References: 14

EUVD
added 2026/05/13 4:26 a.m., 10 views

EUVD-2026-29899

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4, AI score 5.9, EPSS 0.00409
Exploits: 0, References: 14

CNNVD
added 2025/11/07 12:0 a.m., 2 views

forest security vulnerability

forest is an open source backend project from RYMCU for a modern knowledge community, implemented using SpringBoot + Shiro + MyBatis + JWT + Redis. A security vulnerability exists in forest version f782e85, which stems from a flaw in the doBefore function in the AuthorshipAspect.java file, which could...

CVSS 6.5, AI score 6.7, EPSS 0.0022
Exploits: 1, References: 2

Positive Technologies
added 2025/11/07 12:0 a.m., 3 views

PT-2025-45448

An issue was discovered in rymcu forest through commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users' posts...

AI score 7, EPSS 0.0022
Exploits: 1, References: 3

Circl
added 2025/06/05 1:27 a.m., 30 views

CVE-2025-5622

creationtimestamp | type | source
---|---|---
2025-06-05 01:27:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqt64rcwgl2e
2025-06-05 01:44:05+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114628220983430004...

CVSS 10, AI score 7, EPSS 0.02009
Exploits: 1, References: 2

Circl
added 2025/04/16 5:33 p.m., 9 views

CVE-2025-31201

creationtimestamp | type | source
---|---|---
2025-04-16 17:33:03+00:00 | seen | https://infosec.exchange/users/applsec/statuses/114348836934305541
2025-04-16 17:33:04+00:00 | seen | https://bsky.app/profile/applsec.bsky.social/post/3lmx4qr3utx2e
2025-04-16 18:18:24+00:00 | seen | ...

CVSS 9.8, AI score 7.1, EPSS 0.12358
Exploits: 4, References: 70

Circl
added 2025/04/10 9:43 p.m., 20 views

CVE-2025-23008

creationtimestamp | type | source
---|---|---
2025-04-10 21:43:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmihwcmfmu2i
2025-04-10 23:43:23+00:00 | seen | https://t.me/cvedetector/22685
2025-04-11 03:29:27+00:00 | seen | ...

CVSS 7.2, AI score 7.1, EPSS 0.003
Exploits: 0, References: 5

Positive Technologies
added 2024/01/16 12:0 a.m., 6 views

PT-2024-15213 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo WordPress plugin versions prior to 6.3.1.2
Description: The issue is related to the lack of a CSRF check when creating a user post, which could allow attackers to make logged-in users perform such actions via a CSRF...

CVSS 4.3, AI score 4.4, EPSS 0.00237
Exploits: 2, References: 6

CNNVD
added 2023/01/05 12:0 a.m., 3 views

Discourse information disclosure vulnerability

Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from allowing the number of times users posted in any thread to be exposed to unauthoriz...

CVSS 5.3, AI score 5.6, EPSS 0.0058
Exploits: 0, References: 3

Github Security Blog
added 2022/12/28 3:30 p.m., 19 views

usememos/memos has Insufficient Granularity of Access Control

usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post...

CVSS 8.2, AI score 5.5, EPSS 0.00681
Exploits: 1, References: 4, Affected Software: 1

CNVD
added 2022/11/23 12:0 a.m., 29 views

WordPress Ask Me plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.7, AI score 4.7, EPSS 0.00355
Exploits: 1, References: 1

CNNVD
added 2022/11/21 12:0 a.m., 3 views

WordPress plugin Ask Me cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.7, AI score 6.7, EPSS 0.00355
Exploits: 1, References: 2

WPVulnDB
added 2021/09/21 12:0 a.m., 11 views

Allow REL= and HTML in Author Bios <= .1- Author+ Stored Cross-Site Scripting

The plugin does not sanitise the allowed HTML in Bio, allowing a user with a role as low as author to perform a Cross-Site Scripting attack against users viewing their posts.
PoC: As Author, put a JS payload such as in your Biographical Info via your Profile, then access any public posts made by your...

AI score 1
Exploits: 0, Affected Software: 1

CNVD
added 2020/11/23 12:0 a.m., 7 views

Nextcloud Social app access control error vulnerability

Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...

CVSS 5.3, AI score 6.5, EPSS 0.01004
Exploits: 1, References: 1

OSV
added 2020/11/19 1:15 a.m., 2 views

CVE-2020-8278

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...

CVSS 5.3, AI score 6.1, EPSS 0.01004
Exploits: 1, References: 2

Prion
added 2020/11/19 1:15 a.m., 14 views

Improper access control

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...

CVSS 5, AI score 5.2, EPSS 0.01004
Exploits: 1, References: 2, Affected Software: 1