238 matches found
CVE-2026-59828
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...
CVE-2026-59828
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...
CVE-2026-59828
CVE-2026-59828 affects the Discourse open‑source discussion platform. Before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This could di...
CVE-2026-59828 Discourse: Hidden post revisions leak through adjacent visible diffs
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...
EUVD-2026-41762
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...
CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...
CVE-2026-50009
Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...
CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
Meta’s face-recognition code raises new concerns about smart glasses
Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...
CVE-2025-31982
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
CVE-2026-40589
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...
CVE-2026-48210
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...
Astra Linux – Vulnerability in Firefox
When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...
PT-2026-38551
Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214 Description The backend conversation change customer action fails to properly validate the customer email variable. While the Change Customer modal filters out-of-scope customers via the mailbox-filtered...
EUVD-2025-209697
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
CVE-2025-31982
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
WordPress plugin Otter Blocks 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-35369
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal SIGTERM to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massi...
EUVD-2026-24184
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...