28 matches found
EUVD-2026-15417
A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...
CVE-2025-65782
Wekan up to v18.15 is affected by an authorization flaw in card update handling that lets board members or other authenticated users add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting. The issue is fixed in v18.16. Affected compone...
CVE-2025-59579
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data. This issue affects Simple Job Board: from n/a through = 2.13.7...
EUVD-2002-2254
Malware in sbrugna...
EUVD-2006-0816
Malware in sbrugna...
EUVD-2022-7572
Malicious code in bioql PyPI...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
PT-2025-26940 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...
CVE-2009-2221
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2025-37910 ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations. On Adva boards, SMA sysfs store/get operations can call __handle_signal_outputs or __handle_signal_inputs while the irig and dcf pointers are uninitialized, leading to a...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to delete card attachments in Board, allowing an attacker to access deleted attachments...
CVE-2022-45970
Alist v3.5.1 is vulnerable to Cross-Site Scripting (XSS) via the bulletin board...
CVE-2022-4354 LinZhaoguan pb-cms Message Board comment cross site scripting
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has be...
Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. curl https://example.com/wp-content/uploads/wpjobboard Search for this path / folder in search engines to find...
PT-2021-23575 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "List View" function not being under authority control, allowing remote attackers to access other users' message board content by manipulating URL...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...
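Maccms V8 XSS can reach the admin backend #3
Brief description: I just posted a backend getshell, but how is a lowly engineer supposed to get into the backend in the first place? XSS, of course. The two bugs should have been posted together (XSS + backend getshell = getshell), but I was too quick and posted early, so I had to find another endpoint to make up the numbers. Details: Inserting it here in the message board is enough to hit the backend. Proof of vulnerability: Combined with the backend vulnerabilities: 1. Arbitrary file deletion in the backend, which can delete install.lock and cause a reinstall. Endpoint: http://localhost/maccms8/admin/?m=extend-picdel POST parameter: fname%5B%5D=..%2Fupload%2Fart%2F..%5C%5C..%5C%5C\inc\install.lock 2...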
[EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...
Ultimate PHP Board 1.8/1.9 - Weak Password Encryption
source: https://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme. This issue may allow a malicious user to gain acces...