CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2026-44779
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

🎖@cveNotify
🚨 CVE-2026-12318
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

🚨 CVE-2024-24709
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Shareaholic: from n/a through 9.7.11.

🚨 CVE-2024-31435
Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Social Media & Share Icons: from n/a through 2.8.6.

🚨 CVE-2024-32729
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.

This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.

🚨 CVE-2024-32949
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Integrate Google Drive: from n/a through 1.3.8.

🚨 CVE-2024-33685
Missing Authorization vulnerability in Jegstudio Startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Startupzy: from n/a through 1.1.1.

🚨 CVE-2024-33909
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects iPages Flipbook: from n/a through 1.5.1.

🚨 CVE-2024-34810
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross-Site Request Forgery.

This issue affects Skyline WP: from n/a through 1.0.10.

🚨 CVE-2024-35648
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross-Site Request Forgery.

This issue affects Emergency Password Reset: from n/a through 8.0.

🚨 CVE-2024-37210
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects AliNext: from n/a through 3.3.5.

🚨 CVE-2024-37496
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Metro Magazine: from n/a through 1.3.7.

🚨 CVE-2025-31013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.

This issue affects Themify Folo: from n/a through 1.9.6.

🚨 CVE-2025-48571
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

🚨 CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🚨 CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🚨 CVE-2025-48643
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
