
4 matches found

EUVD
added 2026/02/26 9:27 p.m. | 6 views

EUVD-2026-8901

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publish_to_category topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVSS 5.1 | AI score 5.4 | EPSS 0.03121
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 6 views

PT-2026-22197

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse is an open source discussion platform. Trust Level 4 (TL4) users could publish topics into staff-only categorie...

CVSS 5.1 | AI score 5.9 | EPSS 0.03121
Exploits: 0 | References: 7
ATTACKERKB
added 2026/02/18 9:25 a.m. | 4 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

CVSS 5.3 | AI score 5.7 | EPSS 0.00345
Exploits: 0 | References: 5
Patchstack
added 2026/02/18 12:42 a.m. | 8 views

WordPress User Submitted Posts plugin <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability

Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability discovered by type5afe in WordPress Plugin User Submitted Posts versions <= 20260113...

CVSS 5.3 | AI score 5.5 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1