Lucene search

65 matches found

RedhatCVE
added 2026/06/05 7:49 p.m. | 5 views

CVE-2026-5826

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

CVSS 5.3 | AI score 3.8 | EPSS 0.00013
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/02 3:19 p.m. | 8 views

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVSS 7.1 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

EUVD
added 2026/04/10 9:31 a.m. | 2 views

EUVD-2026-21328

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00014
Exploits: 0 | References: 6

NVD
added 2026/04/10 3:16 a.m. | 2 views

CVE-2026-6003

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVSS 4.8 | EPSS 0.00035
Exploits: 0 | References: 5

EUVD
added 2026/04/10 2:30 a.m. | 2 views

EUVD-2026-21286

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5

Cvelist
added 2026/04/09 12:30 a.m. | 30 views

CVE-2026-5826 code-projects Simple IT Discussion Forum edit-category.php cross site scripting

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

CVSS 5.3 | EPSS 0.00013
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/09 12:30 a.m. | 2 views

CVE-2026-5826 code-projects Simple IT Discussion Forum edit-category.php cross site scripting

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

CVSS 5.3 | AI score 4.3 | EPSS 0.00013
Exploits: 0 | References: 5

CNNVD
added 2026/04/09 12:00 a.m. | 6 views

phpBB Security Vulnerability

phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.00102
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/02 1:50 a.m. | 4 views

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

CVSS 5.4 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1

OSV
added 2026/02/28 10:16 p.m. | 3 views

CVE-2026-28558

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 3

CVE
added 2026/02/28 9:47 p.m. | 11 views

CVE-2026-28558

wpForo Forum 2.4.14 is affected by a stored XSS via SVG avatar file upload. Authenticated subscribers can upload an SVG avatar containing CSS or JavaScript that executes in viewers’ browsers when viewing the attacker’s profile page. The issue is documented with CVSS v4.0 base score 5.1 (MEDIUM) a...

CVSS 6.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/02/28 12:00 a.m. | 5 views

PT-2026-22481

Name of the Vulnerable Software and Affected Versions: wpForo Forum version 2.4.14. Description: The software contains a stored cross-site scripting issue that allows for script injection. This is achieved by manipulating forum URL data, which is then output into an inline script block using the jso...

CVSS 5.5 | AI score 6 | EPSS 0.00043
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/28 12:00 a.m. | 4 views

PT-2026-22476

Name of the Vulnerable Software and Affected Versions: wpForo Forum version 2.4.14. Description: The software contains a missing authorization flaw. Authenticated subscribers can close or reopen any forum topic through the wpforo close ajax handler. An attacker can bypass the moderator permission...

CVSS 5.3 | AI score 6 | EPSS 0.00037
Exploits: 0 | References: 5

OSV
added 2026/02/09 9:56 p.m. | 5 views

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

CVSS 8.7 | AI score 5.9 | EPSS 0.00118
Exploits: 1 | References: 4

Github Security Blog
added 2026/02/03 12:30 a.m. | 3 views

Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVSS 5.4 | AI score 5.6 | EPSS 0.00019
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/20 12:27 p.m. | 4 views

CVE-2026-1181

Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could...

CVSS 9 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/19 12:00 a.m. | 3 views

PT-2026-3437

Name of the Vulnerable Software and Affected Versions: Altium Forum (affected versions not specified). Description: A stored cross-site scripting (XSS) issue exists in the Altium Forum because of insufficient server-side input sanitization of forum post content. An authenticated attacker can inject...

CVSS 9 | AI score 5.2 | EPSS 0.00027
Exploits: 0 | References: 8

CNNVD
added 2026/01/16 12:00 a.m. | 2 views

Stack Ideas EasyDiscuss Cross-Site Script Vulnerabilities

Stack Ideas EasyDiscuss is a Q&A and forum component provided by Malaysia-based Stack Ideas Company. Stack Ideas EasyDiscuss has a cross-site scripting vulnerability, which stems from the lack of input filtering in the handling of forum posts. This vulnerability may lead to storage-based cross-si...

CVSS 9.4 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/15 12:00 a.m. | 3 views

PT-2026-3142

Name of the Vulnerable Software and Affected Versions: Altium Forum (affected versions not specified). Description: A stored cross-site scripting (XSS) issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into...

CVSS 9 | AI score 5.9 | EPSS 0.00009
Exploits: 0 | References: 5

NVD
added 2025/12/22 10:16 p.m. | 2 views

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...

CVSS 8.8 | EPSS 0.00136
Exploits: 1 | References: 5