Lucene search
K

1237 matches found

OSV
OSV
added 2026/03/31 5:40 p.m.6 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/31 12:0 a.m.6 views

On the Necessity of Pre-Agreed Secrets for Thwarting Last-Minute Coercion: Vulnerabilities and Lessons from the Loki E-Voting Protocol

Coercion-resistance CR is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emphet al. at IEEE S&P 2024, introduces a novel design that...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.15 views

Discourse 授权问题漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security...

8.2CVSS5.8AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...

6.9CVSS5.8AI score0.0028EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.3 views

Secrecy and Verifiability: An Introduction to Electronic Voting

Democracies are built upon secure and reliable voting systems. Electronic voting systems seek to replace ballot papers and boxes with computer hardware and software. Proposed electronic election schemes have been subjected to scrutiny, with researchers spotting inherent faults and weaknesses...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/31 8:7 a.m.282 views

Exploit for CVE-2026-25126

CVE-2026-25126: PolarLearn Vote Count Manipulation Research...

7.1CVSS5.9AI score0.00339EPSS
Exploits2
Patchstack
Patchstack
added 2026/01/30 9:0 a.m.8 views

WordPress Himer theme < 2.1.1 - Bypass Poll Voting Restrictions via CSRF vulnerability

Bypass Poll Voting Restrictions via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...

6.3CVSS5.9AI score0.00193EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.13 views

Mastodon security vulnerabilities

Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.3.18, 4.4.12, and 4.5.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the maximum number of remote post voting options, which could lead t...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/01/21 12:5 p.m.3 views

Internet Voting is Too Insecure for Use in Elections

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.5 views

SecureSplit: Mitigating Backdoor Attacks in Split Learning

Split Learning SL offers a framework for collaborative model training that respects data privacy by allowing participants to share the same dataset while maintaining distinct feature sets. However, SL is susceptible to backdoor attacks, in which malicious clients subtly alter their embeddings to...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.5 views

CVE-2023-43470

SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component...

9.8CVSS8.8AI score0.01247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.10 views

CVE-2022-0321

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.00783EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.3 views

CVE-2025-68990

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

8.5CVSS7.7AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.5 views

CVE-2025-68991

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

6.5CVSS6.4AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.3 views

EUVD-2025-205746

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

9.8CVSS7.1AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/30 12:30 p.m.6 views

EUVD-2025-205745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

6.1CVSS5.9AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2025/12/30 11:15 a.m.5 views

CVE-2025-68991

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

6.5CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 11:15 a.m.3 views

CVE-2025-68990

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

8.5CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/30 10:47 a.m.23 views

CVE-2025-68990 WordPress BWL Pro Voting Manager plugin <= 1.4.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

8.5CVSS0.00253EPSS
Exploits0References1
Rows per page
Query Builder