{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T15:17:56.893","vulnerabilities":[{"cve":{"id":"CVE-2026-22199","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-13T19:54:09.933","lastModified":"2026-04-23T13:16:11.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise."},{"lang":"es","value":"wpDiscuz antes de 7.6.47 contiene una vulnerabilidad de manipulación de votos que permite a los atacantes manipular los votos de los comentarios al obtener nonces frescos y eludir la limitación de velocidad a través de encabezados controlados por el cliente. Los atacantes pueden variar los encabezados User-Agent para restablecer los límites de velocidad, solicitar nonces desde el endpoint wpdGetNonce no autenticado y votar varias veces utilizando rotación de IP o manipulación de encabezados de proxy inverso."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"7.6.47","matchCriteriaId":"A81F51B9-0C21-4F7E-876B-C09A66B9AE05"}]}]}],"references":[{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt","source":"disclosure@vulncheck.com"},{"url":"https://voltronicpower.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-path-traversal-via-upload-cgi","source":"disclosure@vulncheck.com"},{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}