CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

EUVD-2026-13196

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...

CVE-2025-62251

Summary: CVE-2025-62251 affects Liferay Portal and Liferay DXP. The root cause is the Menu Display Widget exposing content to users without view permissions, enabling potential exposure of sensitive information. Affected versions: Liferay Portal 7.3.0–7.4.3.119 and Liferay DXP 2023.Q3.1–2023.Q3.8...

CVE-2022-35489

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned...

USN-3856-1 gnome-bluetooth vulnerability

Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue...