1.14.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-29	CVE-2023-30591	Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. network low complexity nodebb CWE-754	7.5
2023-09-27	CVE-2023-43187	XML Injection (aka Blind XPath Injection) vulnerability in Nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. network low complexity nodebb CWE-91 critical	9.8
2023-07-25	CVE-2023-2850	Origin Validation Error vulnerability in Nodebb NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. network low complexity nodebb CWE-346	4.7
2022-12-05	CVE-2022-46164	Improper Initialization vulnerability in Nodebb NodeBB is an open source Node.js based forum software. network low complexity nodebb CWE-665 critical	9.8
2022-11-13	CVE-2022-3978	Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. network low complexity nodebb CWE-352	4.3
2021-11-29	CVE-2021-43788	Path Traversal vulnerability in Nodebb Nodebb is an open source Node.js based forum software. network low complexity nodebb CWE-22	5.0
2020-08-20	CVE-2020-15149	Improper Authentication vulnerability in Nodebb NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. network low complexity nodebb CWE-287	6.5