EUVD-2025-16668

Malicious code in bioql PyPI...

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2025-48941

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2025-48941 MyBB may disclosure unviewable threads' titles in searches

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...

CVE-2025-48940

CVE-2025-48940 affects MyBB pre-1.8.39 where the upgrade component does not validate input, enabling local file inclusion (LFI) via a crafted parameter when the installer is unlocked and the upgrade script is accessible (e.g., reinstall or admin-authenticated scenarios). MyBB 1.8.39 resolves the ...

CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion LFI via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...

MyBB 安全漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A security vulnerability exists in MyBB versions prior to 1.8.39, which stems from the search componen...