|
1881
|
4.3 |
MEDIUM
Network
|
-
|
-
|
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53675
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
7.1 |
HIGH
Network
|
-
|
-
|
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-53674
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
8.1 |
HIGH
Network
|
-
|
-
|
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a us…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53673
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate…
|
CWE-287
Improper Authentication
|
CVE-2026-47838
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
7.5 |
HIGH
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in Me…
|
CWE-248
Uncaught Exception
|
CVE-2026-46545
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatch…
|
CWE-617
Reachable Assertion
|
CVE-2026-46543
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisi…
|
CWE-617
Reachable Assertion
|
CVE-2026-46542
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
7.5 |
HIGH
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initia…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-46541
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip …
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-46540
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-46539
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
