Lucene search
K

7097 matches found

Nuclei
Nuclei
added 10 hours ago41 views

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

7.5CVSS6.1AI score0.01727EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago45 views

WordPress wpForo Forum < 1.9.7 - Open Redirect

WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...

6.1CVSS6.4AI score0.03379EPSS
Exploits2References4
Nuclei
Nuclei
added 10 hours ago23 views

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...

6.1CVSS6.4AI score0.02257EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago77 views

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.9AI score0.00845EPSS
Exploits1References4
Cvelist
Cvelist
added yesterday15 views

CVE-2026-61520 Simple Machines Forum SSRF via image proxy

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added yesterday86 views

WordPress Asgaros Forum <1.15.13 - SQL Injection

WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.13285EPSS
Exploits3References5
NVD
NVD
added 2 days ago3 views

CVE-2026-57365

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57365

The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
Snyk
Snyk
added 5 days ago5 views

Incorrect Authorization

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...

8.1CVSS6.1AI score0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42941

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
OSV
OSV
added 5 days ago2 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-22659 FlaskBB Authorization Bypass via Topic ID Manipulation

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted...

8.1CVSS0.00284EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/06 2:50 p.m.5 views

WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HieuPenguinnn in WordPress Plugin reCAPTCHA v2 & v3 for Asgaros Forum versions = 1.1.0...

6.5CVSS5.9AI score0.00161EPSS
Exploits0Affected Software1
Rows per page
Query Builder