Lucene search
+L

2292 matches found

cve
cve
added 2026/06/12 8:26 p.m.28 views

CVE-2026-47264

CVE-2026-47264 affects Discourse releases 2026.1.0–2026.1.3, 2026.3.0–2026.3.0x (up to 2026.3.0-latest until 2026.3.1), and 2026.4.0–2026.4.0x (up to 2026.4.0-latest until 2026.4.1). The root cause is that DetailedTagSerializer#tag_group_names returned every tag group a tag belonged to without fi...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/12 8:26 p.m.3 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References3
euvd
euvd
added 2026/06/12 8:8 p.m.10 views

EUVD-2026-36580

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.4AI score0.00207EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:8 p.m.9 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 8:8 p.m.30 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS0.00207EPSS
Exploits0References1
osv
osv
added 2026/06/12 8:8 p.m.2 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.19 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.17 views

PT-2026-48994

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/11 6:30 p.m.32 views

CVE-2026-47177 Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS0.00251EPSS
Exploits0References2
cve
cve
added 2026/06/11 6:30 p.m.20 views

CVE-2026-47177

Quest Bot: Affects versions before 1.0.4. If a user with config access sets the ticket transcript channel to a channel they can read, closing tickets causes the bot to export the full ticket history to that transcript channel, potentially exposing private messages to users who could not read the ...

5.7CVSS5.4AI score0.00251EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/11 6:30 p.m.10 views

CVE-2026-47177 Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS5.4AI score0.00251EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/11 6:29 p.m.30 views

CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/06/11 10:42 a.m.102 views

Exploit for CVE-2026-7665

CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...

5.3CVSS5.5AI score0.0515EPSS
Exploits1
cvelist
cvelist
added 2026/06/10 9:10 a.m.42 views

CVE-2026-11852

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

0.00199EPSS
Exploits0References3
euvd
euvd
added 2026/06/10 9:10 a.m.16 views

EUVD-2026-35998

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

6.5CVSS5.5AI score0.00199EPSS
Exploits0References3
cve
cve
added 2026/06/10 9:10 a.m.26 views

CVE-2026-11852

Debusine CVE-2026-11852 affects a Debian-based distribution tool. The vulnerability arises because endpoints that create or delete relationships between artifacts perform no permission checks beyond artifact visibility, enabling unauthorized relationship management. The CVSS indicates Network acc...

6.5CVSS5.5AI score0.00199EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/10 9:10 a.m.12 views

CVE-2026-11852

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

5.5AI score0.00199EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.27 views

PT-2026-48482

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 2.0.0 through 2.0.13 Description Private services configured with EnableShowInService: false are enumerable, leading to the leak of service names and timing data. While the main service-listing endpoint correctly...

5.3CVSS5.3AI score0.00253EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/09 8:59 p.m.10 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS5.3AI score0.00268EPSS
Exploits1References1
cvelist
cvelist
added 2026/06/09 6:9 p.m.42 views

CVE-2026-10045 CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

0.00209EPSS
Exploits0References1
Rows per page
Query Builder