357 matches found
Malicious code in @zalastax/nolb-nodebb-pl (npm)
The package @zalastax/nolb-nodebb-pl was found to contain malicious code...
Malicious code in @zalastax/nolb-nodebb-plugin-f (npm)
The package @zalastax/nolb-nodebb-plugin-f was found to contain malicious code...
MAL-2025-27676 Malicious code in nodebb-plugin-spaffnerds (npm)
The package nodebb-plugin-spaffnerds was found to contain malicious code...
MAL-2025-12751 Malicious code in @zalastax/nolb-nodebb-plugin-z (npm)
The package @zalastax/nolb-nodebb-plugin-z was found to contain malicious code...
MAL-2025-12753 Malicious code in @zalastax/nolb-nodebb-s (npm)
The package @zalastax/nolb-nodebb-s was found to contain malicious code...
MAL-2025-12711 Malicious code in @zalastax/nolb-nodebb (npm)
The package @zalastax/nolb-nodebb was found to contain malicious code...
MAL-2025-12745 Malicious code in @zalastax/nolb-nodebb-plugin-t (npm)
The package @zalastax/nolb-nodebb-plugin-t was found to contain malicious code...
MAL-2025-12712 Malicious code in @zalastax/nolb-nodebb- (npm)
The package @zalastax/nolb-nodebb- was found to contain malicious code...
MAL-2025-12725 Malicious code in @zalastax/nolb-nodebb-plugin-6 (npm)
The package @zalastax/nolb-nodebb-plugin-6 was found to contain malicious code...
MAL-2025-12728 Malicious code in @zalastax/nolb-nodebb-plugin-c (npm)
The package @zalastax/nolb-nodebb-plugin-c was found to contain malicious code...
MAL-2025-12747 Malicious code in @zalastax/nolb-nodebb-plugin-v (npm)
The package @zalastax/nolb-nodebb-plugin-v was found to contain malicious code...
CVE-2024-29316
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true...
CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2023-26045
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-2850
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...
CVE-2023-30591
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...
CVE-2022-3978
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this...
CVE-2021-43787
NodeBB is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...
CVE-2021-43786
NodeBB is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible...
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged-in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation...