| CVE-2026-41887 | medium | 4.9 | 4.9 | | | | 1mo ago | Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577) |
| CVE-2025-27794 | unknown | — | — | | | | 1y ago | Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite |
| CVE-2024-21641 | unknown | — | — | | | | 2y ago | Flarum's logout Route allows open redirects |
| CVE-2023-40033 | unknown | — | — | | | | 3y ago | Flarum vulnerable to LFI and Blind SSRF via Avatar upload |
| CVE-2023-27577 | unknown | — | — | | | | 3y ago | Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files |
| CVE-2023-22489 | unknown | — | — | | | | 3y ago | Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted |
| CVE-2023-22488 | unknown | — | — | | | | 3y ago | Flarum notifications can leak restricted content |
| CVE-2022-41938 | unknown | — | — | | | | 4y ago | Cross site scripting vulnerability with discussion titles |
| CVE-2021-32671 | unknown | — | — | | | | 5y ago | XSS vulnerability with translator |