CVE-2020-37233

CVE-2020-37233 affects WordPress Buddypress 6.2.0 via a persistent cross-site scripting in wp:html blocks (figure parameter). Exploitation requires moderator privileges and authenticated access; an iframe with event handlers (e.g., onload) can run when privileged users preview/view content, enabl...

CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

EUVD-2026-4874

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVE-2025-64519

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

Discuz! moderation.inc.php 数据库'注射'漏洞

在文件include/moderation.inc.php里代码: $threadlist = $loglist = array; if$tids = implodeids$moderate $query = $db-query"SELECT FROM $tableprethreads WHERE tid IN $tids AND fid='$fid' AND displayorder='0' AND digest='0' LIMIT $tpp"; while$thread = $db-fetcharray$query ... $threadlist$thread'tid' =...

[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20

waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20 ==================================================================== Author: Janek Vind "waraxe" Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description: Phorum 5.1.20...