4 matches found
CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
CVE-2026-48780
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery SSRF via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery SSRF via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...