74 matches found
EUVD-2002-1443
Malware in sbrugna...
EUVD-2004-1512
Malware in sbrugna...
EUVD-2018-6819
Malware in sbrugna...
EUVD-2003-1234
Malware in sbrugna...
EUVD-2015-1569
Malware in sbrugna...
EUVD-2005-0651
Malware in sbrugna...
EUVD-2015-8827
Malware in sbrugna...
EUVD-2023-47612
Malicious code in bioql PyPI...
EUVD-2022-4442
Malicious code in bioql PyPI...
EUVD-2023-47613
Malicious code in bioql PyPI...
EUVD-2022-1298
Malicious code in bioql PyPI...
EUVD-2022-28572
Malicious code in bioql PyPI...
EUVD-2022-4560
Malicious code in bioql PyPI...
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged-in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to a lack of CSRF validation...
CVE-2011-1127
SSI.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2024-37871
CVE-2024-37871 affects the Itsourcecode Online Discussion Forum Project for PHP with Source Code 1.0. The vulnerability is a SQL injection in login.php triggered via the email parameter, enabling remote attackers to execute arbitrary SQL commands. Metrics indicate a high-severity issue (CVSS v3.1...
Design/Logic Flaw
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum. This is caused by a lack of checks performed by the /forums.php?action=post page...
XSS via markdown syntax
Description: Hi, Maintainer, thanks for reading. I am glad to report a security problem to you. I found that your forum allows users to use markdown syntax to post articles and comments, but there is no corresponding protection means, which is unsafe. Any user can post dangerous content, like the...
When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico's second-largest bank was fake news and harming the bank's...
CVE-2022-23602
CVE-2022-23602 affects Nimforum prior to 2.2.0. A user can create a thread/post with an include pointing to a local file, causing Nimforum to render the file; this can also be triggered via the post preview endpoint. Consequences include exposure of sensitive data such as forum.json secrets. Vers...