3 matches found
CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass
wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...
Regular Expression Denial of Service (ReDoS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the handling of $regex in the LiveQuery component. An attacker can cause the...
A vulnerability in the asynchronous messaging library ZeroMQ, caused by stack buffer overflows on the server, allows attackers to compromise the confidentiality, integrity, and availability of the system.
A vulnerability in the asynchronous messaging library ZeroMQ involves triggering a buffer overflow on the server. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the system by sending specially crafted subscription...