610 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. · 3 views

Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017503 advisory. A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to creat...

CVSS 8.8 · AI score 6.1 · EPSS 0.23757
Exploits: 0 · References: 4

Tenable Nessus
added 2026/02/12 12:0 a.m. · 2 views

GitLab 11.10 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-4097)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a deni...

CVSS 6.5 · AI score 5.7 · EPSS 0.00077
Exploits: 0 · References: 4

Positive Technologies
added 2026/01/22 12:0 a.m. · 4 views

PT-2026-3990

Name of the Vulnerable Software and Affected Versions: Apryse HTML2PDF SDK versions through 11.10. Description: A flaw exists in the InsertFromURL function that may allow an attacker to execute arbitrary operating system commands on the local server. Recommendations: Update to a version beyond 11.10...

CVSS 9.8 · AI score 5.8 · EPSS 0.00038
Exploits: 1 · References: 6

OSV
added 2025/12/11 4:15 a.m. · 2 views

UBUNTU-CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

CVSS 7.5 · AI score 5.7 · EPSS 0.00105
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-58520

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.8 · EPSS 0.00046
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-59361

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.3 · EPSS 0.00042
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25190

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 6.2 · EPSS 0.00015
Exploits: 1 · References: 4

OSV
added 2025/10/01 3:13 p.m. · 5 views

BIT-GITLAB-2025-8014 Allocation of Resources Without Limits or Throttling in GitLab

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...

CVSS 7.5 · AI score 6.9 · EPSS 0.00162
Exploits: 0 · References: 3

Tenable Nessus
added 2025/09/27 12:0 a.m. · 4 views

GitLab 11.10 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-8014)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 7.5 · AI score 8.6 · EPSS 0.00162
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 4:31 a.m. · 4 views

CVE-2023-5261

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to sql injection. The exploit has been disclosed to the public and may...

CVSS 9.8 · AI score 7.4 · EPSS 0.0011
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:29 a.m. · 4 views

CVE-2023-5019

A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staffreinstatement/delete.php. The manipulation of the argument REINSTATEMENTID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 7.7 · EPSS 0.00045
Exploits: 1

RedhatCVE
added 2025/05/23 2:6 a.m. · 5 views

CVE-2023-6084

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to sql injection. The exploit has been disclosed to the public and ma...

CVSS 9.8 · AI score 7.2 · EPSS 0.00057
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 11:58 p.m. · 4 views

CVE-2022-24206

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobileseal/getseal.php via the DEVICELIST parameter...

CVSS 9.8 · AI score 8.2 · EPSS 0.00264
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:44 p.m. · 3 views

CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

CVSS 4 · AI score 6.6 · EPSS 0.00293
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/03 12:0 a.m. · 3 views

PT-2024-16495 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 up to 11.10 Description: A critical issue has been found in Tongda OA, affecting an unknown functionality of the file /module/word model/view/index.php. The manipulation of the query str argument leads to SQL injection. The...

CVSS 9.8 · AI score 7.2 · EPSS 0.00225
Exploits: 1 · References: 10

NVD
added 2024/11/01 3:15 p.m. · 8 views

CVE-2024-10657

A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approvecenter/prcsinfo.php. The manipulation of the argument RUNID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

CVSS 9.8 · EPSS 0.00155
Exploits: 1 · References: 4

Cvelist
added 2024/11/01 3:0 p.m. · 11 views

CVE-2024-10658 Tongda OA check_seal.php sql injection

A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approvecenter/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 6.5 · EPSS 0.00155
Exploits: 1 · References: 4

CVE
added 2024/11/01 3:31 a.m. · 46 views

CVE-2024-10618

CVE-2024-10618 affects Tongda OA 2017 up to 11.10. The vulnerability is a SQL injection in the repid parameter of /pda/reportshop/record_detail.php, exploitable remotely. Public exploit disclosure is noted. Connected sources (Red Hat/CVE lists, CNNVD, PT-Security, and Vuldb) consistently describe...

CVSS 9.8 · AI score 7 · EPSS 0.00097
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2024/10/31 11:0 p.m. · 17 views

CVE-2024-10601 Tongda OA 2017 delete.php sql injection

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument whererepeat leads to sql injection. The attack can be...

CVSS 6.5 · AI score 7.3 · EPSS 0.00097
Exploits: 1 · References: 4

CNNVD
added 2024/10/31 12:0 a.m. · 2 views

TONGDA Office Anywhere SQL injection vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 11.10 and earlier versions, which stems from an SQL injection in the parameter whererepeat...

CVSS 9.8 · AI score 7 · EPSS 0.00097
Exploits: 1 · References: 4