
11 matches found

Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44427

Name of the Vulnerable Software and Affected Versions: Kanova versions 1.0.27. Description: The Kanova Android App has issues with how access is controlled. An attacker could manipulate parameters in requests to the application's API and gain unauthorized access to user details and group information...

CVSS 7.5, AI score 6.6, EPSS 0.0027
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-26244

Malware in sbrugna...

CVSS 4.3, AI score 4.5, EPSS 0.01007
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-11273

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.01545
Exploits: 1, References: 3
Tenable Nessus
added 2025/08/30 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-39888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1...

CVSS 4.3, AI score 5.2, EPSS 0.01007
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 8:43 p.m., 2 views

CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

CVSS 4.3, AI score 5.8, EPSS 0.01007
Exploits: 1, References: 1
OSV
added 2025/01/11 7:15 a.m., 11 views

BIT-MATTERMOST-2024-23493

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...

CVSS 6.5, AI score 5.1, EPSS 0.00389
Exploits: 0, References: 2
Veracode
added 2023/08/07 12:16 a.m., 22 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. The vulnerability exists because the Google IAP details in the Prometheus integration are not properly hidden, which leaks project settings, instance and group details to other users...

CVSS 6.4, AI score 6.8, EPSS 0.0069
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2021/10/05 1:15 p.m., 1 view

UBUNTU-CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

CVSS 4.3, AI score 5.8, EPSS 0.01007
Exploits: 1, References: 5
Hacker One
added 2016/03/03 11:47 a.m., 25 views

Veris: Multiple Stored XSS

Hello Team, I have found multiple vulnerable fields which accept malicious JavaScript inputs and reflect them on another form which fails to sanitize the malicious JavaScript input. Vulnerable Input Form: Edit Group Details. Reflects where: View Rule Book. Payload used: 1 2 Browsers used: Mozilla...

AI score 0.3
Exploits: 0
Prion
added 2014/03/01 12:1 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-188...

CVSS 4.3, AI score 6, EPSS 0.10817
Exploits: 9, References: 7, Affected Software: 1
Patchstack
added 2014/02/07 12:0 a.m., 22 views

WordPress BuddyPress Plugin <= 1.9.1 - XSS

Because of this vulnerability, authenticated users can inject arbitrary web script or HTML via the name field to groups/create/step/group-details. Solution: Update the plugin...

CVSS 4.3, AI score 2.1, EPSS 0.02587
Exploits: 3, References: 1, Affected Software: 1