Vulnerabilities > Nodebb > Nodebb > 2.5.0

DATE CVE VULNERABILITY TITLE RISK
2023-09-29 CVE-2023-30591 Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
network
low complexity
nodebb CWE-754
7.5
7.5
2023-07-25 CVE-2023-2850 Origin Validation Error vulnerability in Nodebb
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin.
network
low complexity
nodebb CWE-346
4.7
4.7
2023-07-24 CVE-2023-26045 Unspecified vulnerability in Nodebb
NodeBB is Node.js based forum software.
network
low complexity
nodebb
critical
 9.8
9.8
2022-12-05 CVE-2022-46164 Unspecified vulnerability in Nodebb
NodeBB is an open source Node.js based forum software.
network
low complexity
nodebb
critical
 9.8
9.8
2022-11-13 CVE-2022-3978 Cross-Site Request Forgery (CSRF) vulnerability in Nodebb
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7.
network
low complexity
nodebb CWE-352
4.3
4.3