Browse all 17 CVE security advisories affecting mybb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MyBB serves as a free, open-source forum software platform enabling online community discussions. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, contributing to its 17 recorded CVEs. While no major public security incidents have been widely documented, the software's persistent vulnerability history suggests a need for rigorous patch management and security hardening. Its PHP-based architecture and extensive customization options may introduce additional attack surfaces if not properly maintained. Regular updates and secure configuration remain critical for mitigating risks associated with this platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-25309 | MyBB Recent threads 17.0 Persistent Cross-Site Scripting — MyBB Recent threadsCWE-79 | 7.2 | High | 2026-04-29 |
This page lists every published CVE security advisory associated with mybb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.