CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

NVD•added 2026/05/16 4:16 p.m.•5 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS0.00038EPSS

Exploits0References3

Vulnrichment•added 2026/05/16 3:26 p.m.•5 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

6.9CVSS5.7AI score0.00038EPSS

Exploits0References3

EUVD•added 2026/05/16 3:26 p.m.•6 views

EUVD-2021-34840

6.9CVSS5.7AI score0.00038EPSS

Exploits0References3

CVE•added 2026/05/16 3:26 p.m.•10 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

6.9CVSS5.7AI score0.00038EPSS

Exploits0References3

ATTACKERKB•added 2026/05/16 3:26 p.m.•4 views

CVE-2021-47934

6.9CVSS5.7AI score0.00038EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/16 12:0 a.m.•9 views

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

6.9CVSS5.8AI score0.00038EPSS

Exploits0References5

CNNVD•added 2026/05/16 12:0 a.m.•6 views

MyBB Timeline Plugin 跨站脚本漏洞

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

6.9CVSS5.6AI score0.00038EPSS

Exploits0References1

CNVD•added 2026/04/10 12:0 a.m.•0 views

Discourse Access Control Error Vulnerability (CNVD-2026-17476)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that can be exploited by an attacker to retrieve the content of posts, threa...

5.1CVSS5.7AI score0.0004EPSS

Exploits0

CNNVD•added 2026/03/31 12:0 a.m.•5 views

Discourse 访问控制错误漏洞

5.1CVSS5.8AI score0.0004EPSS

Exploits0References3

NVD•added 2026/01/23 5:15 p.m.•6 views

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS0.00044EPSS

Exploits1References3

ATTACKERKB•added 2026/01/23 4:47 p.m.•2 views

CVE-2018-25132

6.1CVSS5.9AI score0.00044EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/01/23 4:47 p.m.•3 views

CVE-2018-25132 MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

6.1CVSS5.2AI score0.00044EPSS

Exploits1References3

CVE•added 2026/01/23 4:47 p.m.•6 views

CVE-2018-25132

CVE-2018-25132 affects the MyBB Trending Widget Plugin 1.2. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject malicious scripts via thread titles. These payloads execute when other users view the trending widget. The provided documents consistently describe the i...

6.1CVSS5.2AI score0.00044EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/01/23 12:0 a.m.•3 views

PT-2026-4502

6.1CVSS5.2AI score0.00044EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2018-7470

Malware in sbrugna...

6.1CVSS6.2AI score0.01303EPSS

Exploits5References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-32065

Malicious code in bioql PyPI...

3.5CVSS6.5AI score0.00044EPSS

Exploits0References2

CVE•added 2025/10/01 6:42 p.m.•7 views

CVE-2025-58054

CVE-2025-58054 refers to a Discourse XSS vulnerability present in versions ≤ 3.5.0, triggered by parsing/rendering chat channel titles and chat thread titles via the quote message feature in the rich text editor. The issue is resolved in version 3.5.1. Affected product: Discourse open-source plat...

5.4CVSS5.9AI score0.00044EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/10/01 12:0 a.m.•1 views

PT-2025-40288

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.1 Description Discourse, an open-source community discussion platform, is affected by a cross-site scripting XSS issue. The issue stems from how the platform parses and renders chat channel titles and chat threa...

3.5CVSS5.9AI score0.00044EPSS

Exploits0References8

OSV•added 2018/08/28 7:29 p.m.•2 views

CVE-2018-15596

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

6.1CVSS5.8AI score0.01303EPSS

Exploits5References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by