Lucene search
+L

298 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-61520 Simple Machines Forum SSRF via image proxy

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS0.00251EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 5:16 p.m.8 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 4:3 p.m.7 views

EUVD-2026-42941

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 4:3 p.m.9 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/10 4:3 p.m.6 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:3 p.m.3 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/10 4:3 p.m.30 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 4:3 p.m.2 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.9 views

CVE-2019-11574

An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...

9.8CVSS6.8AI score0.0147EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.8 views

CVE-2019-12490

An issue was discovered in Simple Machines Forum SMF before 2.0.16. Reverse tabnabbing can occur because of use of blank for external links...

6.5CVSS6.9AI score0.01574EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/12/23 12:0 a.m.4 views

Simple Machines Forum (SMF) <= 2.1.6 XSS Vulnerability

Simple Machines Forum SMF is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.6AI score0.00214EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/19 6:30 a.m.20 views

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

6.1CVSS5.6AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 8:16 p.m.5 views

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

6.1CVSS0.00214EPSS
Exploits0References5
OSV
OSV
added 2025/12/18 12:0 a.m.8 views

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

6.1CVSS5.5AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52332

Name of the Vulnerable Software and Affected Versions Simple Machines Forum version 2.1.6 Description A stored cross-site scripting XSS issue exists in Simple Machines Forum. Successful exploitation allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the...

6.1CVSS5.8AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.32 views

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

0.00214EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.2 views

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

5.2AI score0.00214EPSS
Exploits0References5
CVE
CVE
added 2025/12/18 12:0 a.m.27 views

CVE-2025-67163

CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF

6.1CVSS5.2AI score0.00214EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

Simple Machines Forum 安全漏洞

Simple Machines Forum SMF is an open source web forum system from the US-based SMF team. A security vulnerability exists in Simple Machines Forum version 2.1.6, which stems from improper handling of specially crafted inputs to the Forum Name parameter, and could lead to a stored cross-site...

6.1CVSS5.8AI score0.00214EPSS
Exploits0References5
Rows per page
Query Builder