
40 matches found

RedhatCVE
added yesterday, 4 views

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVSS 7.1 | AI score 5.4 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 4 days ago, 37 views

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVSS 7.1 | EPSS 0.00038
Exploits: 0 | References: 1

EUVD
added 4 days ago, 6 views

EUVD-2026-33949

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVSS 7.1 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1

Positive Technologies
added 4 days ago, 6 views

PT-2026-45773

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVSS 7.1 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/20 7:23 p.m., 3 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract($args, EXTR_OVERWRITE) on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post_edit action handler in Actions.php passes...

CVSS 6.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 1

CVE
added 2026/04/17 2:25 a.m., 9 views

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 8

ATTACKERKB
added 2026/04/17 2:25 a.m., 2 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract($args, EXTR_OVERWRITE) on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post_edit action handler in Actions.php passes...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/17 12:00 a.m., 1 view

PT-2026-33399

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract($args, EXTR_OVERWRITE) on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post_edit action handler in Actions.php passes...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 9

EUVD
added 2026/03/01 12:30 a.m., 3 views

EUVD-2026-9105

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

CVSS 5.4 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 4

CVE
added 2026/02/28 9:47 p.m., 6 views

CVE-2026-28556

Affected software: wpForo Forum 2.4.14. Vulnerability: missing authorization that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form handlers. Requires a valid form nonce; attackers can reorganize arbitrary forum content...

CVSS 5.4 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-1892

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00305
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-45364

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00317
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-29835

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00356
Exploits: 0 | References: 5

CNNVD
added 2024/11/01 12:00 a.m., 1 view

Zusam cross-site scripting vulnerability

Zusam is free and open-source software used to host private forums. A cross-site scripting vulnerability exists in versions of Zusam prior to 0.5.6, which stems from a specially crafted SVG file that allows unrestricted script execution when uploaded as an image to t...

CVSS 8.8 | AI score 6.2 | EPSS 0.00317
Exploits: 0 | References: 4

OSV
added 2023/08/23 2:54 p.m., 1 view

DRUPAL-CONTRIB-2023-035

This module changes your forum administration page to allow you to set forums private. You can control what user roles can view, edit, delete, and post to each forum. You can also give each forum a list of users who have administrative access on that forum AKA moderators. This module requires the...

AI score 7.1
Exploits: 0 | References: 1

Drupal
added 2023/08/23 12:00 a.m., 22 views

Forum Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-035

This module changes your forum administration page to allow you to set forums private. You can control what user roles can view, edit, delete, and post to each forum. You can also give each forum a list of users who have administrative access on that forum AKA moderators. This module requires the...

AI score 7.2
Exploits: 0 | References: 8

NVD
added 2023/04/27 9:15 p.m., 10 views

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

CVSS 5.3 | AI score 5.4 | EPSS 0.00356
Exploits: 0 | References: 5

Prion
added 2023/04/27 9:15 p.m., 11 views

Design/Logic Flaw

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

CVSS 5 | AI score 5.4 | EPSS 0.00356
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2023/04/27 12:00 a.m., 17 views

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

AI score 5.7 | EPSS 0.00356
Exploits: 0 | References: 5

CNNVD
added 2023/04/27 12:00 a.m., 3 views

Infopop Ultimate Bulletin Board security vulnerability

Infopop Ultimate Bulletin Board is a web forum system from Infopop, Inc. A security vulnerability in Infopop Ultimate Bulletin Board version 5.47a and prior versions allows unauthenticated users to view messages in private forums by referring to...

CVSS 5.3 | AI score 5.7 | EPSS 0.00356
Exploits: 0 | References: 5