10
CVE-2026-32169 - Azure Cloud Shell Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
6.8
CVE-2026-32747 - SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrβ¦
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admiβ¦
1.2
CVE-2026-3230 - Improper key_share validation in TLS 1.3 HelloRetryRequest
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resβ¦
5.1
CVE-2026-27740 - Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model (LLM) and renders it using htmlSafe in the Review Queue interfaβ¦
8.6
CVE-2026-32622 - SQLBot: Remote Code Execution via Terminology Poisoning
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, uβ¦
5.1
CVE-2026-27570 - Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 containβ¦
6.9
CVE-2026-27491 - Discourse has a bypass of official warnings messages by non-staff users
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the aβ¦
9
CVE-2026-30924 - qui CORS Misconfiguration: Arbitrary Origins Trusted
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a loggβ¦
1.3
CVE-2026-4395 - Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to β¦
5.3
CVE-2026-27454 - Discourse has check revision visibility on posts endpoint
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The display_post method called post.revert_to directly without verifying whether the revision was hiddeβ¦