threat
engine
.sh
Back
·
··:··
Home
/
Product
/
simplemachines smf
Product
simplemachines smf
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-26025
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2026-26024
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2026-25501
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2025-69232
<= 1.4.0
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6,
7.5
HIGH
CVE-2023-47346
all versions
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted
7.5
HIGH
CVE-2012-5903
all versions
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web scri
CVE-2011-4173
all versions
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack
CVE-2011-3615
<= 1.1.14
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to
CVE-2011-1131
<= 1.1.12
The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached
CVE-2011-1130
<= 1.1.12
Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might all
CVE-2011-1129
<= 1.1.12
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13,
CVE-2011-1128
<= 1.1.12
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly
CVE-2011-1127
<= 1.1.12
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow
CVE-2008-6971
all versions
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4
CVE-2008-2019
all versions
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (
CVE-2006-6375
all versions
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attacke
CVE-2006-4564
all versions
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitr
CVE-2004-1996
all versions
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin