9.5

CVSS4.0

CVE-2026-30871 - OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains (.in-addr.arpa and .ip6.ar…

📅 Published: March 19, 2026, 9:49 p.m. 🔄 Last Modified: March 20, 2026, 8:16 p.m.

8.2

CVSS4.0

CVE-2026-29072 - Discourse missing permission check for policy creation in discourse-policy

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and …

📅 Published: March 19, 2026, 9:49 p.m. 🔄 Last Modified: March 20, 2026, 4:27 p.m.

2.3

CVSS4.0

CVE-2026-28282 - Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a priv…

📅 Published: March 19, 2026, 9:45 p.m. 🔄 Last Modified: March 20, 2026, 5:01 p.m.

6.9

CVSS4.0

CVE-2026-27936 - Discourse discloses restricted post-action counts to non-privileged users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 con…

📅 Published: March 19, 2026, 9:42 p.m. 🔄 Last Modified: March 19, 2026, 9:48 p.m.

5.3

CVSS4.0

CVE-2026-32815 - SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Di…

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unauthenticated connections when specific URL parameters are provided (?app=siyuan&id=auth&type=auth). This bypass, intended for the login page to keep the kernel alive, allows any ext…

📅 Published: March 19, 2026, 9:39 p.m. 🔄 Last Modified: March 20, 2026, 8:22 p.m.

9.3

CVSS3.1

CVE-2026-32754 - FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!})

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered unes…

📅 Published: March 19, 2026, 9:35 p.m. 🔄 Last Modified: March 20, 2026, 6:52 p.m.

6.9

CVSS4.0

CVE-2026-27935 - Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026…

📅 Published: March 19, 2026, 9:33 p.m. 🔄 Last Modified: March 20, 2026, 4:28 p.m.

8.5

CVSS4.0

CVE-2026-32753 - FreeScout: Stored XSS through SVG file upload with filter bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of image/svg+…

📅 Published: March 19, 2026, 9:26 p.m. 🔄 Last Modified: March 20, 2026, 8:16 p.m.

0

CVSS3.1

CVE-2026-32752 - FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and modify all customer-…

📅 Published: March 19, 2026, 9:21 p.m. 🔄 Last Modified: March 20, 2026, 5:02 p.m.

9.8

CVSS3.1

CVE-2026-32194 - Microsoft Bing Images Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

📅 Published: March 19, 2026, 9:21 p.m. 🔄 Last Modified: March 21, 2026, 4:01 a.m.