Known Vulnerabilities for products from Flarum
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Flarum".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41887 | | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2026-30913 | | Not Provided | 2026-03-10 | 2026-03-10 |
| CVE-2024-21641 | | 4.7 - MEDIUM | 2024-01-05 | 2024-01-18 |
| CVE-2023-40033 | Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Ser... | 7.1 - HIGH | 2023-08-16 | 2023-08-25 |
| CVE-2023-27577 | flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already be... | 4.9 - MEDIUM | 2023-03-10 | 2023-11-07 |
| CVE-2023-22489 | Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion sta... | 3.5 - LOW | 2023-01-13 | 2023-11-07 |
| CVE-2023-22488 | Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content... | 5.4 - MEDIUM | 2023-01-12 | 2023-01-23 |
| CVE-2023-22487 | Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, us... | 4.3 - MEDIUM | 2023-01-11 | 2023-01-19 |
| CVE-2022-41938 | Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DO... | 5.4 - MEDIUM | 2022-11-19 | 2022-11-26 |
| CVE-2021-32671 | Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted in... | 10 - CRITICAL | 2021-06-07 | 2021-06-17 |
| CVE-2021-21283 | Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-bet... | 5.4 - MEDIUM | 2021-01-26 | 2023-11-07 |
| CVE-2019-13183 | Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. | 8.8 - HIGH | 2019-07-07 | 2019-07-09 |
| CVE-2019-11514 | User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. | 7.5 - HIGH | 2019-04-25 | 2020-08-24 |
| CVE-2018-19133 | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. | 5.3 - MEDIUM | 2018-11-09 | 2018-12-31 |