[KIS-2026-10] Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability
Egidio Romano · 2026-06-16 · via Full Disclosure

Full Disclosure mailing list archives


From: Egidio Romano <n0b0d13s () gmail com>
Date: Mon, 15 Jun 2026 20:43:10 +0200

------------------------------------------------------
Discuz! <= X5.0 OCR-based CAPTCHA Bypass Vulnerability
------------------------------------------------------


[-] Software Link:

https://www.discuz.vip


[-] Affected Versions:

Version X5.0, releases 20260320 through 20260610.
Older X3.4 and X3.5 releases may be affected too.


[-] Vulnerability Description:

A security weakness in the CAPTCHA implementation of Discuz! allows
automated solving of CAPTCHA challenges through Optical Character
Recognition (OCR) techniques.

Due to the limited complexity and predictability of the generated CAPTCHA
images, an attacker can train a custom OCR model to reliably recognize the
challenge text, effectively bypassing a security control intended to
prevent automated abuse.

This issue may facilitate automated registration, login, credential
stuffing, and exploitation workflows that rely on CAPTCHA-protected
functionality.


[-] Proof of Concept:

https://karmainsecurity.com/pocs/discuz_captcha_bypass.zip


[-] Solution:

No official solution is currently available.


[-] Disclosure Timeline:

[27/04/2026] - Vendor contacted through private messages on gitee.com, no
response
[27/04/2026] - Vendor contacted via e-mail at admin () discuz vip and
security () tencent com, no response
[07/05/2026] - Opened issue IJLFUW on https://gitee.com/Discuz/DiscuzX
[09/05/2026] - Vulnerability details shared within issue IJLFUW
[09/05/2026] - Vendor replied "OCR-based CAPTCHA bypass is a well-known
issue"
[09/06/2026] - CVE identifier requested
[09/06/2026] - CVE identifier assigned
[13/06/2026] - Public disclosure at hackmeeting 0x1D
[15/06/2026] - Publication of this advisory


[-] CVE Reference:

CVE-2026-49953 has been assigned to this vulnerability.


[-] Credits:

Vulnerability discovered by Egidio Romano.


[-] Original Advisory:

https://karmainsecurity.com/KIS-2026-10


[-] Technical write-up:

https://karmainsecurity.com/chaining-bugs-in-discuz-from-race-condition-to-rce
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

