PT-2026-36486

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description An issue exists where the sort parameter from user input is passed directly to the User::orderBy function in the 'app/Http/Controllers/Admin/UserController.php' file without proper validation. This...

EUVD-2026-26668

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...