Known vulnerabilities in vBulletin vBulletin

Vendor: vBulletin
Website: https://www.vbulletin.com
Total Security Bulletins: 30

Security bulletins (30)

Secuity bulletin Severity Status Published
SB2025052717: Two remote code execution vulnerabilities in vBulletin Critical
Patched Exploited
27.05.2025
SB2023092122: Cross-site scripting in vBulletin Low
Not patched
21.09.2023
SB2020103046: Command Injection in vBulletin High
Patched
30.10.2020
SB2020090605: Multiple vulnerabilities in vBulletin Low
Patched
06.09.2020
SB2020081101: Remote code execution in vBulletin High
Patched Exploited
11.08.2020
SB2020051211: Improper access control in vBulletin Medium
Patched
12.05.2020
SB2019100801: Multiple vulnerabilities in vBulletin High
Patched
08.10.2019
SB2019100408: Improper Restriction of Rendered UI Layers or Frames in vBulletin vBulletin Low
Patched
04.10.2019
SB2019092426: Remote code execution in vBulletin High
Patched Exploited
24.09.2019
SB2018101731: Open redirect in vBulletin Low
Patched
17.10.2018
SB2018012904: Open redirect in vBulletin Low
Patched
29.01.2018
SB2017121911: Remote code execution in vBulletin High
Patched
19.12.2017
SB2017121801: Multiple remote code execution vulnerabilities in vBulletin High
Patched
18.12.2017
SB2017121460: Path traversal in vBulletin High
Patched
14.12.2017
SB2017091917: Input validation error in vBulletin Medium
Patched
19.09.2017
SB2017082815: Cross-site scripting in vBulletin Low
Patched
28.08.2017
SB2016081009: Server-Side request forgery in vBulletin Critical
Patched Exploited
10.08.2016
SB2016061701: SQL injection in vBulletin Forumrunner High
Patched Exploited
17.06.2016
SB2016061502: SQL Injection in vBulletin Critical
Patched
15.06.2016
SB2015112406: Input validation error in vBulletin Medium
Patched
24.11.2015
SB2015010204: Cross-site request forgery in vBulletin Medium
Patched
02.01.2015
SB2014102502: Cross-site scripting in vBulletin Low
Patched
25.10.2014
SB2014101506: Multiple vulnerabilities in vBulletin Medium
Patched
15.10.2014
SB2014072506: SQL injection in vBulletin Medium
Patched
25.07.2014
SB2014043003: Cross-site scripting in vBulletin Low
Patched
30.04.2014
SB2013082701: Security bypass in vBulletin Critical
Patched
27.08.2013
SB2013051101: SQL injection in vBulletin Low
Patched
11.05.2013
SB2012123101: Input validation error in vBulletin Medium
Patched
31.12.2012
SB2012082802: SQL injection in vBulletin Medium
Patched
28.08.2012
SB2012070402: Cross-site scripting in vBulletin Low
Patched
04.07.2012