PatchSiren

Discuz! CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Discuz! CVE published 2026-06-15

CVE-2026-49954

CVE-2026-49954 is a HIGH severity local file inclusion (LFI) vulnerability in Discuz! X5.0 that allows authenticated administrators to execute arbitrary code. It affects Discuz! X5.0 releases from 20260320 through 20260610. Attackers can exploit this vulnerability by importing a specially crafted plugin configuration containing path traversal sequences in the directory a [truncated]

MEDIUM Discuz! CVE published 2026-06-15

CVE-2026-49953

CVE-2026-49953 is a CAPTCHA bypass vulnerability in Discuz! X5.0 releases from 20260320 to 20260610. The vulnerability allows unauthenticated remote attackers to bypass challenge controls by exploiting the limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict chal [truncated]