Lucene search
K

369 matches found

Nuclei
Nuclei
added yesterday113 views

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. id: CVE-2023-43187 info: name: NodeBB XML-RPC Request xmlrpc.php - XML Injection author: 0xParth...

9.8CVSS7.6AI score0.45401EPSS
Exploits1References2
NVD
NVD
added 2026/07/01 8:17 p.m.5 views

CVE-2026-58593

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS0.00191EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/01 7:27 p.m.34 views

CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS0.00191EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:27 p.m.6 views

CVE-2026-58593

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/01 7:27 p.m.24 views

CVE-2026-58593

NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/01 7:27 p.m.7 views

CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS6AI score0.00191EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 7:27 p.m.3 views

CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS6.1AI score0.00191EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54922

Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...

8.7CVSS5.9AI score0.00191EPSS
Exploits1References8
NVD
NVD
added 2026/01/21 6:16 p.m.10 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS0.00664EPSS
Exploits0References4
OSV
OSV
added 2026/01/21 6:16 p.m.5 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

7.5CVSS5.9AI score0.00664EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/21 5:27 p.m.7 views

CVE-2021-47746 NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS5.6AI score0.00664EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/21 5:27 p.m.5 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS5.5AI score0.00664EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/21 5:27 p.m.15 views

CVE-2021-47746

CVE-2021-47746 concerns an arbitrary file write in the NodeBB Plugin Emoji 3.2.1. The vulnerability exists in the emoji upload API where an attacker with administrative access can craft file upload requests using directory traversal to overwrite arbitrary system files. Affected software: NodeBB P...

8.6CVSS5.6AI score0.00664EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/21 5:27 p.m.24 views

CVE-2021-47746 NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS0.00664EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.9 views

Emoji for NodeBB security vulnerability

Emoji for NodeBB is an emoji plugin developed by NodeBB. Version 3.2.1 of Emoji for NodeBB contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file writing through the emoji upload API, which could lead to overwriting system files...

8.6CVSS5.9AI score0.00664EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.13 views

PT-2026-3793

Name of the Vulnerable Software and Affected Versions NodeBB Plugin Emoji version 3.2.1 Description The NodeBB Plugin Emoji version 3.2.1 has a flaw that allows administrative users to write files to arbitrary system locations. This is possible through the emoji upload API by manipulating the fil...

8.6CVSS5.9AI score0.00664EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.9 views

CVE-2023-43187

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

9.8CVSS8.3AI score0.45401EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2408

Malware in sbrugna...

9CVSS6.9AI score0.01275EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2372

Malware in sbrugna...

5CVSS5.4AI score0.25843EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0456

Malware in sbrugna...

6.1CVSS6.2AI score0.01357EPSS
Exploits1References6
Rows per page
Query Builder