Every CVE whose affected-product data names Mybb Merge System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2015-8974 — CVSS 10.0 (critical): SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x…
CVE-2016-9420 — CVSS 9.8 (critical): MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors…
CVE-2016-9402 — CVSS 9.8 (critical): SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might…
CVE-2016-9412 — CVSS 9.8 (critical): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related…
CVE-2016-9416 — CVSS 9.8 (critical): SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows…
CVE-2016-9403 — CVSS 9.8 (critical): newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified…
CVE-2015-8973 — CVSS 8.3 (high): xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers…
CVE-2016-9410 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database…
CVE-2016-9414 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by…
CVE-2016-9415 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite…
CVE-2016-9418 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain…
CVE-2015-8977 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the…
CVE-2016-9417 — CVSS 7.4 (high): The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to…
CVE-2016-9413 — CVSS 6.5 (medium): The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct…
CVE-2016-9421 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB…
CVE-2015-8975 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB…
CVE-2015-8976 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before…
CVE-2016-9404 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote…
CVE-2016-9405 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7…
CVE-2016-9406 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9407 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote…
CVE-2016-9408 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9409 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9411 — CVSS 5.3 (medium): The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the…