19 matches found
CVE-2018-18550
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user...
CVE-2025-62022
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4...
CVE-2025-62022
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4...
CVE-2025-62022
CVE-2025-62022 affects the WordPress BuddyPress plugin up to version 14.3.4 and is described as a Missing Authorization (Broken Access Control) vulnerability. The issue is scoped to BuddyPress versions ≤ 14.3.4; CVSS 3.1 base score 7.5 (I: High). Exploitation details, specific vulnerable componen...
CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4...
WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Plugin BuddyPress versions <= 14.3.4...
CVE-2021-39947
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs...
CVE-2025-32017
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to the handling of TemporaryFileOperationStatus in TemporaryFileControllerBase.cs and TemporaryFileService.cs. An attacker can upload files to unintended locations to cause disruption of service to other user...
CVE-2025-32017
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...
CVE-2025-32017
CVE-2025-32017 – Umbraco CMS: A path traversal vulnerability in the management API allows authenticated backoffice users to upload files to unintended locations in Umbraco 14+ installations. Root cause is insufficient validation in the management API, enabling uploads to incorrect paths. Affecte...
GitLab 0.0 < 14.3.4 / 14.4 < 14.4.2 / 14.5 < 14.5.2 (CVE-2021-39947)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of...
GitLab 0.8.x < 14.2.6, 14.3.x < 14.3.4, 14.4.x < 14.4.1 Code Injection Vulnerability.
GitLab is prone to a code injection vulnerability.
Vulnerabilities fixed in GitLab Runner
Vulnerabilities have been fixed in GitLab Runner. An authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...
Improper access control
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...
PT-2021-22759 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.2.6; GitLab CE/EE versions 14.3 through 14.3.3; GitLab CE/EE versions 14.4 through 14.4.0. Description: The issue involves the accidental logging of the system root password in the migration log. This allows an...
PT-2021-22751 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.2.6; GitLab CE/EE versions 14.3 through 14.3.4; GitLab CE/EE versions 14.4 through 14.4.1. Description: The issue is related to an Improper Access Control vulnerability in the GraphQL API. This vulnerability...
SQL injection
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user...