EUVD-2025-11886

Malicious code in bioql PyPI...

EUVD-2022-7239

Malicious code in bioql PyPI...

EUVD-2023-34971

Malicious code in bioql PyPI...

CVE-2025-50979

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...

CVE-2024-29316

NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true...

CVE-2024-57041

A persistent cross-site scripting XSS vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVE-2025-29512

The CVE-2025-29512 entry concerns NodeBB before 4.0.5, where a Cross-Site Scripting (XSS) flaw in the application enables a remote attacker to store arbitrary code. The vulnerability affects v4.0.4 and earlier; impact includes potential disruption of the blacklist IP feature until content is remo...

PT-2025-17334 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 4.0.5 Description: A Cross-Site Scripting XSS issue allows remote attackers to store arbitrary code in the admin API Access token generator. This could potentially lead to the execution of malicious code...

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

NodeBB < 3.11.1 XSS Vulnerability

NodeBB is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

NodeBB < 2.8.11 DoS Vulnerability

NodeBB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

NodeBB < 1.18.6 RCE Vulnerability

NodeBB is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

NodeBB < 3.6.7 Broken Access Control Vulnerability

NodeBB is prone to a broken access control vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

CVE-2024-57041

A persistent cross-site scripting XSS vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...