CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MyBB aka MyBulletinBoard before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message...

5CVSS6.5AI score0.01369EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:13 a.m.•17 views

CVE-2019-3579

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...

5.3CVSS6.7AI score0.01573EPSS

Exploits0References1

RedhatCVE•added 2025/04/26 5:56 a.m.•7 views

CVE-2025-29457

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6CVSS6.5AI score0.00365EPSS

Exploits1References1

Vulnrichment•added 2025/04/17 12:0 a.m.•4 views

CVE-2025-29459

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.3AI score0.00365EPSS

Exploits1References2

CVE•added 2025/04/17 12:0 a.m.•71 views

CVE-2025-29458

CVE-2025-29458 concerns MyBB 1.8.38. The vulnerability arises in the Change Avatar feature, which can allow a remote attacker to obtain sensitive information. Root cause: mishandling of Change Avatar functionality (per multiple sources); supplier disputes relate to administrator actions and SSRF ...

7.6CVSS7.3AI score0.00365EPSS

Exploits1References2Affected Software1

CNVD•added 2024/11/22 12:0 a.m.•6 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2024-46255)

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

5.4CVSS6.6AI score0.0025EPSS

Exploits1References1

Cvelist•added 2023/01/03 12:0 a.m.•23 views

CVE-2022-45867

MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution...

7AI score0.01497EPSS

Exploits0References1

Vulnrichment•added 2022/11/21 12:0 a.m.•4 views

CVE-2022-43708

MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...

6.1AI score0.00365EPSS

Exploits0References2

Cvelist•added 2022/11/21 12:0 a.m.•24 views

CVE-2022-43708

6.2AI score0.00365EPSS

Exploits0References2

Cvelist•added 2021/03/15 5:8 p.m.•26 views

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...

9.4AI score0.04201EPSS

Exploits5References2

NVD•added 2020/01/02 3:15 p.m.•25 views

CVE-2019-20225

MyBB before 1.8.22 allows an open redirect on login...

6.1CVSS6.3AI score0.00648EPSS

Exploits0References2

Prion•added 2019/06/06 7:29 p.m.•17 views

Cross site scripting

MyBB 1.8.19 has XSS in the resetpassword function...

4.3CVSS6AI score0.00793EPSS

Exploits0References2Affected Software1

NVD•added 2019/06/06 7:29 p.m.•18 views

CVE-2019-3579

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...

5.3CVSS5.3AI score0.01573EPSS

Exploits0References2

NVD•added 2019/06/06 7:29 p.m.•22 views

CVE-2019-3578

MyBB 1.8.19 has XSS in the resetpassword function...

6.1CVSS6AI score0.00793EPSS

Exploits0References2