CVE

CVE-2026-32750 SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFro… cve.org/CVERecord?id=C…

CVE-2026-27934 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API e… cve.org/CVERecord?id=C…

CVE-2026-4159 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-boun… cve.org/CVERecord?id=C…

CVE-2026-32194 Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a ne… cve.org/CVERecord?id=C…

CVE-2026-32752 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken ac… cve.org/CVERecord?id=C…

CVE-2026-32753 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG saniti… cve.org/CVERecord?id=C…

CVE-2026-27935 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses pr… cve.org/CVERecord?id=C…

CVE-2026-32754 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) thro… cve.org/CVERecord?id=C…

CVE-2026-32815 SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unauthenticated connections when specific URL param… cve.org/CVERecord?id=C…

CVE-2026-27936 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action count… cve.org/CVERecord?id=C…

CVE-2026-28282 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which… cve.org/CVERecord?id=C…

CVE-2026-29072 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation g… cve.org/CVERecord?id=C…

CVE-2026-30871 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vu… cve.org/CVERecord?id=C…

CVE-2026-4342 A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary c… cve.org/CVERecord?id=C…

CVE-2026-32099 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has `hide_profile` enabled, their bio, locat… cve.org/CVERecord?id=C…

CVE-2026-30872 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vu… cve.org/CVERecord?id=C…

CVE-2026-33410 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message … cve.org/CVERecord?id=C…

CVE-2026-30873 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexic… cve.org/CVERecord?id=C…

CVE-2026-33355 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `/private-posts` endpoint did not apply post-type vi… cve.org/CVERecord?id=C…

CVE-2026-33393 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allowed_spam_host_domains` check used `String#end_w… cve.org/CVERecord?id=C…