Lucene search
K

252 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:51 p.m.6 views

CVE-2021-43786

Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible...

9.8CVSS6.7AI score0.02294EPSS
Exploits1
OSV
OSV
added 2025/04/17 10:15 p.m.6 views

CVE-2025-29460

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6CVSS5.8AI score0.00326EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.4 views

WordPress plugin WP w3all phpBB 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

4.3CVSS5.9AI score0.00145EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:40 p.m.13 views

CVE-2022-36076

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

8.8CVSS6.8AI score0.0046EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 9:44 p.m.7 views

CVE-2022-24734

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...

7.2CVSS7.4AI score0.77677EPSS
Exploits9References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:3 p.m.10 views

CVE-2022-46164

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...

9.8CVSS6.5AI score0.48994EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:41 p.m.10 views

CVE-2022-39265

MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail function mailparameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution RCE. The...

7.2CVSS7AI score0.02155EPSS
Exploits1References1
NVD
NVD
added 2024/11/01 5:15 p.m.26 views

CVE-2024-51492

Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...

8.8CVSS0.00457EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/01 4:22 p.m.25 views

CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG

Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...

8.8CVSS0.00457EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.11 views

SMF 安全漏洞

SMF Simple Machines Forum is a free, open source community forum project from Simple Machines Open Source. A security vulnerability exists in SMF version 2.1.4 that stems from manipulation of the parameter aid resulting in improper control of resource identifiers...

5.5CVSS5.4AI score0.00442EPSS
Exploits1References5
OSV
OSV
added 2024/06/07 12:15 p.m.3 views

CVE-2024-5733

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerme.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS5.7AI score0.00622EPSS
Exploits1References4
NVD
NVD
added 2024/05/01 7:15 a.m.27 views

CVE-2024-23335

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

4.7CVSS4.7AI score0.00559EPSS
Exploits0References3
NVD
NVD
added 2024/05/01 7:15 a.m.41 views

CVE-2024-23336

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...

5CVSS5.3AI score0.00457EPSS
Exploits0References4
OSV
OSV
added 2024/05/01 6:27 a.m.17 views

CVE-2024-23335 Backups directory .htaccess deletion in. MyBB

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

4.7CVSS6.7AI score0.00559EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/01 6:27 a.m.28 views

CVE-2024-23335 Backups directory .htaccess deletion in. MyBB

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

4.7CVSS5AI score0.00559EPSS
Exploits0References3
CVE
CVE
added 2024/05/01 6:27 a.m.80 views

CVE-2024-23335

CVE-2024-23335 affects MyBB prior to 1.8.38. The backup management module in Admin CP may accept ".htaccess" as the backup file name, potentially exposing stored backups over HTTP on Apache servers. The fixed version is MyBB 1.8.38. Remediation: upgrade to 1.8.38 (no public workarounds documented...

4.7CVSS4.8AI score0.00559EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/01 6:27 a.m.15 views

CVE-2024-23335 Backups directory .htaccess deletion in. MyBB

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

4.7CVSS6.6AI score0.00559EPSS
Exploits0References3
CVE
CVE
added 2024/05/01 6:27 a.m.67 views

CVE-2024-23336

CVE-2024-23336 concerns MyBB (prior to 1.8.38) where the default Disallowed Remote Addresses list did not include 127.0.0.0/8, enabling potential SSRF against internal resources. The issue stems from the configuration in inc/config.php where disallowed_remote_addresses contains 127.0.0.1 but omit...

5CVSS7AI score0.00457EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/01 6:27 a.m.35 views

CVE-2024-23336 Incomplete disallowed remote addresses list in MyBB

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...

5CVSS5.6AI score0.00457EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

Codoforum 安全漏洞

Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload...

5.4CVSS6.1AI score0.00425EPSS
Exploits1References2
Rows per page
Query Builder