CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

217 matches found

NVD•added 2026/05/04 7:15 a.m.•4 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

8.1CVSS0.00033EPSS

Exploits0References1

CVE•added 2026/05/04 5:42 a.m.•14 views

CVE-2026-29199

CVE-2026-29199 affects phpBB prior to 3.3.16. The issue is a Host Header Injection in which, when force_server_vars is disabled, the server hostname is sourced from the HTTP Host header to build the password reset URL. An attacker who can control or influence the Host header can cause password re...

8.1CVSS5.8AI score0.00033EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/04 12:0 a.m.•2 views

PT-2026-36770

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16 Description Host Header Injection occurs when force server vars is disabled, allowing the server's hostname to be extracted from the HTTP Host header to generate password reset link URLs. An attacker capable of...

8.1CVSS5.8AI score0.00033EPSS

Exploits0References5

CNNVD•added 2026/05/04 12:0 a.m.•4 views

phpBB 授权问题漏洞

phpBB is a set of web forum software developed by Ariefibis. Versions prior to phpBB 3.3.16 had authorization-related vulnerabilities. This vulnerability stemmed from host header injection, which could lead to malicious password reset links. When forceservervars is disabled, the server’s hostname...

8.1CVSS5.8AI score0.00033EPSS

Exploits0References1

ATTACKERKB•added 2026/04/05 8:45 p.m.•2 views

CVE-2019-25685

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

8.8CVSS6.3AI score0.00183EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/05 12:0 a.m.•2 views

PT-2026-30493

8.8CVSS6.3AI score0.00183EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:21 a.m.•5 views

CVE-2008-6507

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...

5CVSS6.4AI score0.00375EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•4 views

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

5.8CVSS7AI score0.00222EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:38 a.m.•9 views

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

4.3CVSS6AI score0.00527EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:30 a.m.•4 views

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

7.5CVSS6.9AI score0.00253EPSS

Exploits0References1