643 matches found
EUVD-2026-37882
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...
CVE-2026-48613
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...
EUVD-2026-36382
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...
CVE-2020-37222
Kuicms Php EE 2.0 is affected by a persistent cross-site scripting (XSS) vulnerability. The issue allows unauthenticated attackers to inject arbitrary scripts by submitting crafted content through the bbs reply endpoint (POST to /web/?c=bbs&a=reply) with HTML/JavaScript payloads in the content pa...
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When forceservervars is disabled, the server's hostname may be extracted from the HTTP Host header, which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
phpBB security vulnerability
phpBB is a set of web forum software developed by Ariefibis. Version 3.3.15 of phpBB has a security vulnerability; this vulnerability stems from the cross-site request forgery functionality in the administration control panel icons, which may allow for the execution of arbitrary code...
CVE-2019-25685
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
MyBB (MyBulletinBoard) cross-site scripting vulnerability
MyBB is a free, web-based forum software developed by the MyBB team using PHP and MySQL. This software features simplicity in use, support for multiple languages, and scalability. Version 2.0.3 of MyBB contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning ...
PT-2026-29429
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content...
WordPress plugin Pondol BBS has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2025-52716
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.32. Description: MyBB version 1.8.32 contains a chained issue that allows authenticated administrators to bypass avatar upload restrictions and potentially execute arbitrary code. Attackers can modify upload path settings, uploa...
MyBB path traversal vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. A path traversal vulnerability exists in MyBB version 1.8.32, which originates from allowing an authenticated...
CVE-2025-61074
A stored Cross Site Scripting (XSS) vulnerability in the bulletin board SchwarzeBrett in adata Software GmbH Mitarbeiter Portal 2.15.2.0 allows remote authenticated users to execute arbitrary JavaScript code in the web browser of other users via manipulation of the 'Inhalt' parameter of the...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
CVE-2025-63807
CVE-2025-63807 affects the weijiang1994 university-bbs (aka Blogin). The weakness is a weak verification code generation mechanism together with missing rate limiting, enabling brute-force attempts on verification codes without authentication. Successful exploitation may lead to account takeover ...
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
EUVD-2002-1808
Malware in sbrugna...