cbcvebase.
CVE-2025-50979
published 2025-08-27


Priority: P2 68
Severity: high, 8.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS: 8.12% (94.1th percentile)

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
nodebb | nodebb | |
nodebb | nodebb | 0 – 4.3.0 |