Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-53673

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...

8.6CVSS5.6AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.19 views

CVE-2026-53674

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 p.m.7 views

CVE-2021-39914

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...

5CVSS5.8AI score0.01036EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 2:7 p.m.17 views

BIT-NODE-MIN-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

8.1CVSS8AI score0.06065EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.5 views

GitLab Enterprise Edition 跨站脚本漏洞

GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition versions 14.4.0 through 14.9.1 that stems from insufficient cleanup of user-supplied data in comments. A remote user can exploit this vulnerability to inject and...

8.7CVSS7.5AI score0.82003EPSS
Exploits3References10
Positive Technologies
Positive Technologies
added 2022/03/28 12:0 a.m.4 views

PT-2022-13253 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4.0 through 14.4.3 GitLab CE/EE versions 14.5.0 through 14.5.1 Description: An issue has been discovered in GitLab CE/EE that allows unprivileged users to add other users to group...

6.5CVSS6.1AI score0.00906EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2021/11/04 11:15 p.m.17 views

CVE-2021-39914

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...

5CVSS5.8AI score0.01036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-22760 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.13 to 14.2.5 GitLab versions 14.3.0 to 14.3.3 GitLab versions 14.4.0 Description: A regular expression denial of service issue could cause excessive usage of resources when a specially crafted username was used when...

5CVSS4.2AI score0.01036EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2021/06/06 7:0 a.m.4 views

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0 12.18.0 and < 14.4.0.

...

9.3CVSS7AI score0.07646EPSS
Exploits1
CNVD
CNVD
added 2020/10/23 12:0 a.m.3 views

Oracle Banking Corporate Lending Information Disclosure Vulnerability

Oracle Banking Corporate Lending is a bank loan management component of Oracle Corporation Oracle. An information disclosure vulnerability exists in the Core component of Oracle Banking Corporate Lending versions 12.3.0, 14.0.0 through 14.4.0. An attacker could exploit this vulnerability to gain...

6.8CVSS8.8AI score0.01508EPSS
Exploits0References1
OSV
OSV
added 2020/10/21 3:15 p.m.3 views

CVE-2020-14896

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payment...

6.5CVSS6.9AI score0.01508EPSS
Exploits0References1
ALT Linux
ALT Linux
added 2020/06/19 12:0 a.m.36 views

Security fix for the ALT Linux 10 package node version 14.4.0-alt1

June 19, 2020 Vitaly Lipatov 14.4.0-alt1 - new version 14.4.0 with rpmrb script - set libicu = 6.5 - set libnghttp2 = 1.41.0 - CVE-2020-8172, CVE-2020-11080, CVE-2020-8174...

9.3CVSS7.1AI score0.07646EPSS
Exploits2
OSV
OSV
added 2020/06/08 2:15 p.m.6 views

UBUNTU-CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS6.9AI score0.06065EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2017/05/22 12:0 a.m.55 views

Asterisk 14.4.0 Skinny Denial Of Service

Asterisk Skinny memory exhaustion vulnerability leads to DoS - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 with chanskinny enabled - References: AST-2017-004 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 - Digium confirmed...

0.2AI score
Exploits0
Rows per page
Query Builder