Yabb CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (29 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2004-2754	1 Yabb	1 Yabb Se	2026-04-16	N/A
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
CVE-2003-0275	1 Yabb	1 Yabb	2026-04-16	N/A
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
CVE-2003-1277	1 Yabb	1 Yabb	2026-04-16	N/A
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
CVE-2006-3275	1 Yabb	1 Yabb	2026-04-16	N/A
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
CVE-2002-2296	1 Yabb	1 Yabb	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.
CVE-2004-2139	1 Yabb	1 Yabb	2026-04-16	N/A
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
CVE-2005-0741	1 Yabb	1 Yabb	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
CVE-2005-2296	1 Yabb	1 Yabb	2026-04-16	N/A
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
CVE-2013-2057	1 Yabb	1 Yabb	2024-11-21	9.8 Critical
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

« first previous Page 2 of 2.