Vulnerabilities > Nodebb > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-43187 | XML Injection (aka Blind XPath Injection) vulnerability in Nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | 9.8 |
| 2023-07-24 | CVE-2023-26045 | Unspecified vulnerability in Nodebb NodeBB is Node.js based forum software. | 9.8 |
| 2022-12-05 | CVE-2022-46164 | Unspecified vulnerability in Nodebb NodeBB is an open source Node.js based forum software. | 9.8 |
| 2022-08-31 | CVE-2022-36045 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. | 9.8 |
| 2020-08-20 | CVE-2020-15149 | Improper Authentication vulnerability in Nodebb NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. | 9.9 |