NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-27154	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML wh...	2026-02-26	1.3	NETWORK	LOW	NVD
CVE-2026-27153	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CS...	2026-02-26	1.3	NETWORK	LOW	NVD
CVE-2026-25741	Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update...	2026-02-26	7.1	NETWORK	HIGH	NVD
CVE-2026-27162	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `posts_nearby` was checking topic access but the...	2026-02-26	4.9	NETWORK	MEDIUM	NVD
CVE-2026-27152	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding m...	2026-02-26	1.3	NETWORK	LOW	NVD
CVE-2026-27151	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_p...	2026-02-26	1.3	NETWORK	LOW	NVD
CVE-2026-27150	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization i...	2026-02-26	1.3	NETWORK	LOW	NVD
CVE-2026-27149	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering (`list_private...	2026-02-26	4.9	NETWORK	MEDIUM	NVD
CVE-2026-27021	Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked po...	2026-02-26	6.9	NETWORK	MEDIUM	NVD
CVE-2026-22207	OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to ga...	2026-02-26	9.8	NETWORK	CRITICAL	NVD
CVE-2026-22206	SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by ...	2026-02-26	8.8	NETWORK	HIGH	NVD
CVE-2026-22205	SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to acce...	2026-02-26	7.5	NETWORK	HIGH	NVD
CVE-2023-31364	Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a hos...	2026-02-26	8.3	NETWORK	HIGH	NVD
CVE-2026-27510	Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote ...	2026-02-26	9.6	NETWORK	CRITICAL	NVD
CVE-2026-27509	Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS ...	2026-02-26	8.0	ADJACENT_NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.