CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 3:6 p.m.•0 views

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS6AI score0.00071EPSS

RedhatCVE•added 2026/03/26 3:6 p.m.•0 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.4CVSS5.6AI score0.00025EPSS

RedhatCVE•added 2026/03/26 3:6 p.m.•3 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS5.8AI score0.00021EPSS

8.7CVSS5.8AI score0.00172EPSS

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

RedhatCVE•added 2026/03/26 3:6 p.m.•0 views

CVE-2026-22183

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfilteredhtml capabilities can inject JavaScript...

6.1CVSS5.6AI score0.00052EPSS

8.1CVSS5.6AI score0.00026EPSS

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

5.2CVSS6.1AI score0.00009EPSS

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

9.9CVSS5.8AI score0.00059EPSS

CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

RedhatCVE•added 2026/03/26 2:58 p.m.•3 views

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS6AI score0.00039EPSS

RedhatCVE•added 2026/03/26 2:57 p.m.•2 views

CVE-2026-22182

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

8.7CVSS5.9AI score0.00048EPSS

Exploits1References1

CNVD•added 2026/03/19 12:0 a.m.•1 views

WordPress Plugin wpDiscuz Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpDiscuz, which stems fr...

6.9CVSS5.8AI score0.00051EPSS

EUVD•added 2026/03/13 9:31 p.m.•2 views

EUVD-2026-11745

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the...

6.9CVSS5.8AI score0.00172EPSS

6.9CVSS5.9AI score0.00071EPSS

EUVD-2026-11753

6.9CVSS5.8AI score0.00051EPSS

EUVD-2026-11748

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

8.7CVSS5.9AI score0.00048EPSS

EUVD-2026-11739

Exploits1References4

5.5CVSS5.9AI score0.00012EPSS

EUVD-2026-11750

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...

EUVD•added 2026/03/13 9:31 p.m.•2 views

EUVD-2026-11743

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in...

6.3CVSS5.8AI score0.00059EPSS