1237 matches found
CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...
On the Necessity of Pre-Agreed Secrets for Thwarting Last-Minute Coercion: Vulnerabilities and Lessons from the Loki E-Voting Protocol
Coercion-resistance CR is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emphet al. at IEEE S&P 2024, introduces a novel design that...
Discourse 授权问题漏洞
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...
Secrecy and Verifiability: An Introduction to Electronic Voting
Democracies are built upon secure and reliable voting systems. Electronic voting systems seek to replace ballot papers and boxes with computer hardware and software. Proposed electronic election schemes have been subjected to scrutiny, with researchers spotting inherent faults and weaknesses...
Exploit for CVE-2026-25126
CVE-2026-25126: PolarLearn Vote Count Manipulation Research...
WordPress Himer theme < 2.1.1 - Bypass Poll Voting Restrictions via CSRF vulnerability
Bypass Poll Voting Restrictions via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.3.18, 4.4.12, and 4.5.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the maximum number of remote post voting options, which could lead t...
Internet Voting is Too Insecure for Use in Elections
No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology...
SecureSplit: Mitigating Backdoor Attacks in Split Learning
Split Learning SL offers a framework for collaborative model training that respects data privacy by allowing participants to share the same dataset while maintaining distinct feature sets. However, SL is susceptible to backdoor attacks, in which malicious clients subtly alter their embeddings to...
CVE-2023-43470
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component...
CVE-2022-0321
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...
CVE-2025-68990
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
CVE-2025-68991
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
EUVD-2025-205746
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
EUVD-2025-205745
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
CVE-2025-68991
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
CVE-2025-68990
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...
CVE-2025-68990 WordPress BWL Pro Voting Manager plugin <= 1.4.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...