16 matches found
CVE-2026-53673
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-53674
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...
WordPress plugin BuddyPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...
BIT-NODE-MIN-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
SUSE CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
GitLab Enterprise Edition 跨站脚本漏洞
GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition versions 14.4.0 through 14.9.1 that stems from insufficient cleanup of user-supplied data in comments. A remote user can exploit this vulnerability to inject and...
PT-2022-13253 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4.0 through 14.4.3 GitLab CE/EE versions 14.5.0 through 14.5.1 Description: An issue has been discovered in GitLab CE/EE that allows unprivileged users to add other users to group...
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...
PT-2021-22760 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.13 to 14.2.5 GitLab versions 14.3.0 to 14.3.3 GitLab versions 14.4.0 Description: A regular expression denial of service issue could cause excessive usage of resources when a specially crafted username was used when...
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0 12.18.0 and < 14.4.0.
...
Oracle Banking Corporate Lending Information Disclosure Vulnerability
Oracle Banking Corporate Lending is a bank loan management component of Oracle Corporation Oracle. An information disclosure vulnerability exists in the Core component of Oracle Banking Corporate Lending versions 12.3.0, 14.0.0 through 14.4.0. An attacker could exploit this vulnerability to gain...
CVE-2020-14896
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payment...
Security fix for the ALT Linux 10 package node version 14.4.0-alt1
June 19, 2020 Vitaly Lipatov 14.4.0-alt1 - new version 14.4.0 with rpmrb script - set libicu = 6.5 - set libnghttp2 = 1.41.0 - CVE-2020-8172, CVE-2020-11080, CVE-2020-8174...
UBUNTU-CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
Asterisk 14.4.0 Skinny Denial Of Service
Asterisk Skinny memory exhaustion vulnerability leads to DoS - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 with chanskinny enabled - References: AST-2017-004 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 - Digium confirmed...