Aggregates CVE and security vulnerability intelligence across all renren-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve SQL injection and buffer overflows; some flaws may lead to application crashes, affecting production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-70821 | renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | [email protected] | 9.8 | 0.01% | 2026-03-03 | 2026-03-05 |
| CVE-2012-0916 | Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. | [email protected] | 9.3 | 5.50% | 2012-01-24 | 2026-04-29 |
| CVE-2012-0915 | Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. | [email protected] | 9.3 | 5.14% | 2012-01-24 | 2026-04-29 |