Lucene search
K

39 matches found

Snyk
Snyk
added 5 days ago5 views

Incorrect Authorization

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...

8.1CVSS6.1AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 5 days ago2 views

CVE-2026-22659 FlaskBB Authorization Bypass via Topic ID Manipulation

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted...

7.2CVSS6.2AI score0.00284EPSS
Exploits0References6
CVE
CVE
added 5 days ago9 views

CVE-2026-22659

FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...

8.1CVSS6.2AI score0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10265

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.10 views

CVE-2026-10258

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.16 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS5.7AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:30 p.m.10 views

CVE-2026-10265 itsourcecode Content Management System edit_topic.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 2:30 p.m.36 views

CVE-2026-10265 itsourcecode Content Management System edit_topic.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 1:16 p.m.17 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:45 p.m.11 views

CVE-2026-10258

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:30 p.m.7 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/01 12:30 p.m.21 views

CVE-2026-10257

CVE-2026-10257 affects itsourcecode Content Management System 1.0. The vulnerability is a SQL injection caused by manipulating the topic_id parameter in /admin/update_ss_img.php, with remote exploitation possible and a publicly released exploit. MVN/NVD metrics indicate a MEDIUM impact with netwo...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 12:30 p.m.32 views

CVE-2026-10257 itsourcecode Content Management System update_ss_img.php sql injection

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 9:16 a.m.30 views

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS0.0025EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:45 a.m.9 views

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 8:45 a.m.9 views

CVE-2026-10242 itsourcecode Content Management System instructions.php sql injection

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS5.7AI score0.0025EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 8:45 a.m.26 views

CVE-2026-10242

CVE-2026-10242 affects itsourcecode Content Management System 1.0. The vulnerability is a SQL injection in the /instructions.php file caused by manipulation of the topic_id argument. It can be triggered remotely and exploitation has been publicly disclosed (exploit maturity: Proof-of-Concept). Af...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.25 views

PT-2026-45427

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
Rows per page
Query Builder