CVE-2026-5163

Mattermost 11.5.x prior to 11.5.2 (up to 11.5.1 affected) fails to verify channel membership when processing AI-assisted message rewrites, allowing an authenticated user to read content from threads in private channels and direct messages they should not access via a crafted request to the post r...

GHSA-QM77-8QJP-4VCM OpenClaw: Slack thread context could include messages from non-allowlisted senders

Summary Before OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread. Impact A Sla...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper validating access controls at time of access. An attacker can gain unauthorized access to thread content by leveraging AI-generated posts. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper validating access controls at time of access. An attacker can gain unauthorized access to thread content by leveraging AI-generated posts. Remediation Upgrade...

CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...

MyBB Hide Thread Content Plugin 1.0 - Information Disclosure

Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...

MyBB Hide Thread Content 1.0 Information Disclosure

Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...

CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...

CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...

Hardcoded credentials

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...

CVE-2021-3337

The CVE-2021-3337 issue affects the MyBB plugin “Hide-Thread-Content” (through 2021-01-27). The vulnerability allows remote attackers to bypass content-reading restrictions by clicking the reply or quote option in the postbit, leading to information disclosure. Affected component is the Hide-Thre...

CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...

MyBB Hide-Thread-Content plugin security vulnerability

MyBB MyBulletinBoard is a free and web-based forum software developed by MyBB MYBB team using PHP and MySQL. The software is easy to use, supports multiple languages, scalable and so on. A security vulnerability exists in the MyBB Hide-Thread-Content plugin through 2021-01-27, which originates fr...