Lucene search
+L

238 matches found

NVD
NVD
added 2026/07/09 10:17 p.m.8 views

CVE-2026-59828

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS0.00314EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:4 p.m.7 views

CVE-2026-59828

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2026/07/09 10:4 p.m.10 views

CVE-2026-59828

CVE-2026-59828 affects the Discourse open‑source discussion platform. Before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This could di...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/07/09 10:4 p.m.2 views

CVE-2026-59828 Discourse: Hidden post revisions leak through adjacent visible diffs

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS6.1AI score0.00314EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/05 2:27 p.m.9 views

EUVD-2026-41762

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/05 2:27 p.m.34 views

CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:47 p.m.34 views

CVE-2026-50009

Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 2:47 p.m.31 views

CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:47 p.m.10 views

CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/09 1:57 p.m.17 views

Meta’s face-recognition code raises new concerns about smart glasses

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.13 views

CVE-2025-31982

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

6.5CVSS5.4AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40589

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

7.6CVSS5.5AI score0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/31 9:11 p.m.15 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox

When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...

7.5CVSS7.1AI score0.00541EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-38551

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214 Description The backend conversation change customer action fails to properly validate the customer email variable. While the Change Customer modal filters out-of-scope customers via the mailbox-filtered...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/06 3:32 p.m.9 views

EUVD-2025-209697

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 3:16 p.m.12 views

CVE-2025-31982

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

6.5CVSS0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

WordPress plugin Otter Blocks 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/04/22 5:16 p.m.5 views

CVE-2026-35369

An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal SIGTERM to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massi...

5.5CVSS0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 4:50 p.m.8 views

EUVD-2026-24184

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

7.6CVSS5.7AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder