VYPR
Vendor

Forem

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2023-27160HigMar 31, 2023
    risk 0.47cvss 7.2epss 0.01

    forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

  • CVE-2026-48780HigJun 16, 2026
    risk 0.46cvss 8.2epss 0.00

    Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of…

  • CVE-2021-3494MedApr 26, 2021
    risk 0.38cvss 5.9epss 0.00

    A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions…