CVE-2026-5826

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

EUVD-2026-21328

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVE-2026-6003

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

EUVD-2026-21286

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVE-2026-5826 code-projects Simple IT Discussion Forum edit-category.php cross site scripting

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

CVE-2026-5826 code-projects Simple IT Discussion Forum edit-category.php cross site scripting

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...

phpBB 安全漏洞

phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...

CVE-2026-28558

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

CVE-2026-28558

wpForo Forum 2.4.14 is affected by a stored XSS via SVG avatar file upload. Authenticated subscribers can upload an SVG avatar containing CSS or JavaScript that executes in viewers’ browsers when viewing the attacker’s profile page. The issue is documented with CVSS v4.0 base score 5.1 (MEDIUM) a...

PT-2026-22481

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue that allows for script injection. This is achieved by manipulating forum URL data, which is then output into an inline script block using the jso...

PT-2026-22476

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a missing authorization flaw. Authenticated subscribers can close or reopen any forum topic through the wpforo close ajax handler. An attacker can bypass the moderator permission...

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2026-1181

Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing CORS policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could...

PT-2026-3437

Name of the Vulnerable Software and Affected Versions Altium Forum affected versions not specified Description A stored cross-site scripting XSS issue exists in the Altium Forum because of insufficient server-side input sanitization of forum post content. An authenticated attacker can inject...

Stack Ideas EasyDiscuss Cross-Site Script Vulnerabilities

Stack Ideas EasyDiscuss is a Q&A and forum component provided by Malaysia-based Stack Ideas Company. Stack Ideas EasyDiscuss has a cross-site scripting vulnerability, which stems from the lack of input filtering in the handling of forum posts. This vulnerability may lead to storage-based cross-si...

PT-2026-3142

Name of the Vulnerable Software and Affected Versions Altium Forum affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into...

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...