12 matches found
CVE-2026-48780
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
CVE-2026-48780
CVE-2026-48780 affects Forem. Before commit a2ab6d4, a maliciously crafted email address could bypass domain allowlist/denylist restrictions and gain access to invite-only Forem deployments. The issue is patched as of a2ab6d4. Affected component is the email validation/allowlist logic; impact is ...
CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
EUVD-2023-30942
Malicious code in bioql PyPI...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
CVE-2023-27160
CVE-2023-27160 affects Forem up to v2022.11.11. It describes a Server-Side Request Forgery (SSRF) vulnerability in the /articles/{id} endpoint that can be triggered by a crafted POST request, potentially allowing access to internal network resources and sensitive information. The available connec...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
forem code issue vulnerability
Forem is a Ruby open source project from Forem for building online communities and forums. A security vulnerability exists in forem v2022.11.11 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability via the component /articles/id. ...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
PT-2023-20980 · Forem · Forem
Name of the Vulnerable Software and Affected Versions: forem versions up to v2022.11.11
Description: The issue is related to a Server-Side Request Forgery (SSRF) via the component "/articles/id". This allows attackers to access network resources and sensitive information via a crafted POST request...