19 matches found
CVE-2026-8144 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-pages...
CVE-2026-8144

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 09:04:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlshliewmz2i |
| 2026-05-14 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515... |

CVE-2026-8144
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...
GitLab 15.1 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-8144)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab (CVE-2026-8144) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-8144
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
CVE-2024-8144

| creationtimestamp | type | source |
|---|---|---|
| 2024-08-25 06:45:56+00:00 | seen | https://t.me/cvedetector/4080... |

CVE-2024-8144 ClassCMS Logo admin cross site scripting
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2019-8144

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-04 15:21:11+00:00 | seen | https://t.me/ctinow/178848... |

CVE-2016-8144
...
CVE-2016-8144
CVE-2016-8144 is rejected/not used and does not represent an active vulnerability entry.
UniFi Video <= 3.9.3 Multiple Vulnerabilities
UniFi Video on Windows is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
CVE-2020-8144
The CVE-2020-8144 issue affects UniFi Video Server v3.9.3 and earlier on Windows (x64) where the firmware update mechanism does not validate the download destination, allowing a crafted ..\ sequence to cause the firmware file to be saved outside the intended directory. This path traversal could e...
CVE-2019-8144
Magento 2.3 (before 2.3.3 or 2.3.2-p1) is affected by a remote code execution vulnerability via PageBuilder template methods. An unauthenticated attacker can supply a payload to achieve RCE. Mitigation is to apply the Magento security patch 2.3.3 (and 2.2.10) as cited in security advisories; no e...
CVE-2017-8144
CVE-2017-8144 affects several Huawei smartphones (e.g., Honor 5A, Honor 8 Lite, Mate 9/9 Pro, P10/Plus, and others listed in NVD) with software versions prior to specific CAM/Prague/MHA/LON/VTR/VKY builds. The root cause is a resource exhaustion vulnerability caused by a misconfigured setting t...
CVE-2014-8144
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors...
CVE-2014-8144
CVE-2014-8144 concerns the Doorkeeper gem (Rails) and is evidenced by multiple sources in connected documents. The vulnerability is a CSRF flaw in Doorkeeper before 1.4.1 that allows remote attackers to hijack a user’s OAuth authentication by reading a user’s authorization code via unknown vector...
Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier.
Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier allows remote attackers to hijack the user's OAuth authorization code. This vulnerability has been assigned the CVE identifier CVE-2014-8144. Doorkeeper's endpoints didn't have CSRF protection. Any HTML document on the...
CVE-2009-0813

| creationtimestamp | type | source |
|---|---|---|
| 2009-03-03 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/8144... |