
973 matches found

ATTACKERKB
added 2026/04/11 7:40 a.m., 1 view

CVE-2026-5809

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add and topic_edit action handlers accept arbitrary user-supplied data arrays from $_REQUEST and store them as postmeta without...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 0, References: 10
Positive Technologies
added 2026/04/11 12:0 a.m., 1 view

PT-2026-32096

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add and topic_edit action handlers accept arbitrary user-supplied data arrays from $_REQUEST and store them as postmeta without...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 0, References: 11
CNNVD
added 2026/04/11 12:0 a.m., 2 views

WordPress plugin wpForo Forum security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 0, References: 10
CNVD
added 2026/04/10 12:0 a.m., 4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17249)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. An information disclosure vulnerability exists in Discourse. The vulnerability stems from the fact that an authenticated user can send an...

CVSS 4.3, AI score 5.7, EPSS 0.00201
Exploits: 0
CNVD
added 2026/04/10 12:0 a.m., 3 views

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

CVSS 6.3, AI score 5.7, EPSS 0.0016
Exploits: 0
EUVD
added 2026/04/09 6:31 p.m., 2 views

EUVD-2026-20958

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 6
Snyk
added 2026/04/09 6:10 p.m., 0 views

Improper Validation of Unsafe Equivalence in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

CVSS 7.1, AI score 5.8, EPSS 0.00341
Exploits: 0, References: 2
Snyk
added 2026/04/09 6:10 p.m., 1 view

Improper Validation of Unsafe Equivalence in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

CVSS 7.1, AI score 5.8, EPSS 0.00341
Exploits: 0, References: 2
NVD
added 2026/04/09 5:16 p.m., 2 views

CVE-2026-5961

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 7.5, EPSS 0.00259
Exploits: 0, References: 5
NVD
added 2026/04/09 5:16 p.m., 3 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

CVSS 7.1, EPSS 0.00341
Exploits: 0, References: 2
NVD
added 2026/04/09 5:16 p.m., 1 view

CVE-2026-39958

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...

CVSS 9.1, EPSS 0.00356
Exploits: 0, References: 4
CVE
added 2026/04/09 4:42 p.m., 9 views

CVE-2026-39972

CVE-2026-39972 affects Mercure prior to 0.22.0. A cache key collision in TopicSelectorStore arises from concatenating topicSelector and topic with an underscore, which can produce identical keys for different pairs because both fields may contain underscores. An attacker who can subscribe or publ...

CVSS 7.1, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 2
EUVD
added 2026/04/09 4:42 p.m., 3 views

EUVD-2026-20967

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

CVSS 7.1, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/09 4:42 p.m., 0 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

CVSS 7.1, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/04/09 4:42 p.m., 15 views

CVE-2026-39972 Mercure has a Topic Selector Cache Key Collision

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

CVSS 7.1, EPSS 0.00341
Exploits: 0, References: 2
Cvelist
added 2026/04/09 4:28 p.m., 15 views

CVE-2026-39958 oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...

CVSS 5.2, EPSS 0.00356
Exploits: 0, References: 4
EUVD
added 2026/04/09 4:28 p.m., 3 views

EUVD-2026-20962

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...

CVSS 5.2, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 4
Vulnrichment
added 2026/04/09 4:28 p.m., 1 view

CVE-2026-39958 oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...

CVSS 5.2, AI score 5.8, EPSS 0.00356
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/09 4:28 p.m., 2 views

CVE-2026-39958

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...

CVSS 5.2, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/04/09 4:28 p.m., 6 views

CVE-2026-39958

The CVE concerns oma, the package manager for AOSC OS. Before version 1.25.2, oma-topics fetched metadata for Topic Manifests from remote repositories and registered them as APT sources. The name field in that metadata was not validated for transliteration, allowing a malicious manifest to lead t...

CVSS 9.1, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 4