
8 matches found

Packet Storm
added 2025/11/26 12:0 a.m. | 132 views

vBulletin 6.0.3 replaceAdTemplate Expression Injection

Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability...

CVSS 10 | AI score 7.4 | EPSS 0.77631
Exploits: 4

CNNVD
added 2025/05/27 12:0 a.m. | 5 views

Internet Brands vBulletin Security Vulnerability

Internet Brands vBulletin is a forum plugin from Internet Brands, Inc. A security vulnerability exists in Internet Brands vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, which stems from the possibility that an unauthenticated user could invoke protected API controller methods...

CVSS 10 | AI score 8.6 | EPSS 0.77631
Exploits: 4 | References: 3

OSV
added 2023/02/03 5:15 a.m. | 2 views

CVE-2023-25135

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions a...

CVSS 9.8 | AI score 7.6 | EPSS 0.93341
Exploits: 1 | References: 2

BDU FSTEC
added 2021/08/24 12:0 a.m. | 2 views

A vulnerability in the commercial vBulletin web forum software exists due to a failure to neutralize special elements, allowing attackers to execute arbitrary commands.

A vulnerability in the commercial forum engine vBulletin exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the ajax/render/widgettabbedcontainertabpanel request...

CVSS 10 | AI score 8.4 | EPSS 0.94182
Exploits: 2 | References: 4 | Affected Software: 1

VulnCheck KEV
added 2021/04/12 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

CVSS 7.5 | AI score 7.6 | EPSS 0.79043
Exploits: 12 | References: 1

OSV
added 2020/09/03 6:15 p.m. | 1 views

CVE-2020-25121

The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2020/09/03 6:15 p.m. | 3 views

CVE-2020-25116

The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...

CVSS 4.8 | AI score 5.8 | EPSS 0.00219
Exploits: 1 | References: 1

ATTACKERKB
added 2014/10/25 12:55 a.m. | 6 views

CVE-2014-2021

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

CVSS 3.5 | AI score 5.7 | EPSS 0.0078
Exploits: 4 | References: 8