Skip to main content

Forem

2 CVEs product

Monthly

CVE-2026-48780 HIGH This Week

Authentication bypass in Forem (prior to commit a2ab6d4) allows remote attackers to circumvent email domain allowlist/denylist controls by submitting RFC 2047 encoded-word email addresses, enabling unauthorized registration on invite-only deployments. The flaw arises because the raw email string passes domain checks while downstream mail decoding resolves it to an attacker-controlled address, with no public exploit identified at time of analysis.

Authentication Bypass Forem
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-27160 HIGH POC This Week

{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
EPSS 0% CVSS 8.2
HIGH This Week

Authentication bypass in Forem (prior to commit a2ab6d4) allows remote attackers to circumvent email domain allowlist/denylist controls by submitting RFC 2047 encoded-word email addresses, enabling unauthorized registration on invite-only deployments. The flaw arises because the raw email string passes domain checks while downstream mail decoding resolves it to an attacker-controlled address, with no public exploit identified at time of analysis.

Authentication Bypass Forem
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy