CVE-2026-54224 is a high-severity Denial of Service (DoS) vulnerability affecting UBB.threads. An authenticated attacker can exploit this vulnerability by sending multiple concurrent requests to view any user profile on instances with many registered users, leading to database resource exhaustion and complete denial of access to the application for other users. The vulnerability has been confirmed in vers [truncated]
CVE-2026-54223 is a high-severity path traversal vulnerability in UBB.threads, allowing attackers with template editing privileges to read and write any file on the server, potentially leading to remote code execution. The vulnerability has been confirmed in version 7.7.5, but may affect other versions. Due to unsuccessful vendor contact attempts, the vulnerability's full scope remains uncertain. Organiza [truncated]
CVE-2026-54222 is a high-severity Blind SQL Injection vulnerability in UBB.threads, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. The vulnerability has been con [truncated]
CVE-2026-54220 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in UBB.threads, allowing attackers to trick authenticated users into executing unintended actions. The vulnerability has a CVSS score of 8.6 and is considered HIGH severity. Due to unsuccessful vendor contact attempts, the vulnerability has only been confirmed in version 7.7.5, but may also affect other versions. This vulner [truncated]