EUVD-2025-16667

Malicious code in bioql PyPI...

EUVD-2024-20847

Malicious code in bioql PyPI...

EUVD-2024-20846

Malicious code in bioql PyPI...

CVE-2025-48941

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2025-48941

CVE-2025-48941 (MyBB) : Affected software: MyBB versions prior to 1.8.39. Issue: the internal search does not properly validate thread visibility, allowing a user with search access to infer the existence of hidden threads (draft, unapproved, or soft-deleted) by title. The visible flag (mybb_thre...

CVE-2025-48941 MyBB may disclosure unviewable threads' titles in searches

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...

CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2024-23336

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...

CVE-2022-24734

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...

CVE-2022-39265

MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail function mailparameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution RCE. The...

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

CVE-2022-24734 Remote code execution in mybb

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution RCE without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell...

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution RCE without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell...

MyBB SQL Injection Vulnerability (CNVD-2021-25711)

MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability details are available at this time...

MyBB Cross-Site Scripting Vulnerability (CNVD-2019-16947)

MyBB MyBulletinBoard is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB version 1.8.19, which can be exploited by attacker...

Tapatalk plugin for MyBB SQL Injection Vulnerability

Tapatalk plugin for MyBB is a set of forum browsing plugins for MyBB from Tapatalk, Inc. A SQL injection vulnerability exists in Tapatalk plugin for MyBB versions prior to 4.5.8. A remote attacker can inject arbitrary SQL commands using XML-RPC encrypted documents...

MyBB Remote Code Execution Vulnerability (CNVD-2017-01011)

MyBB is a popular forum program. MyBB suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code...

MyBB 1.8.6 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 01/29/2016 Disclosed...