Vulnerabilities > Vbulletin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2023-25135 | Deserialization of Untrusted Data vulnerability in Vbulletin 5.6.7/5.6.8/5.6.9 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. | 9.8 |
| 2020-08-12 | CVE-2020-17496 | Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 9.8 |
| 2017-09-15 | CVE-2014-9463 | Code Injection vulnerability in Vbseo functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | 9.0 |
| 2012-08-14 | CVE-2012-4328 | Security vulnerability in Vbulletin Mapi, Vbulletin Forum and Vbulletin Suite Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. | 10.0 |