EUVD-2026-32617
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...
CVE-2026-3343
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
CVE-2023-40406
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files...
CVE-2018-4302
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...
EUVD-2018-16088
Malware in sbrugna...
EUVD-2020-18466
Malware in sbrugna...
EUVD-2023-45749
Malicious code in bioql PyPI...
EUVD-2023-51886
Malicious code in bioql PyPI...
EUVD-2024-29285
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate conten...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Membership Pro; Type: Plugin; Vulnerable versions: <= 12.7; Fixed in: 12.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43241; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 75c4d13f2043; Credits: Rafie Muhammad Patchstack...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to PHP Object Injection
Software: Ultimate Membership Pro; Type: Plugin; Vulnerable versions: <= 12.7; Fixed in: 12.8; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43242; Patch priority: High; CVSS severity: High 9; PSID: 4d478cf8c35d; Credits: Rafie Muhammad Patchstack; Required...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to Privilege Escalation
Software: Ultimate Membership Pro; Type: Plugin; Vulnerable versions: <= 12.7; Fixed in: 12.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-43240; Patch priority: High; CVSS severity: High 9.4; PSID: cfa9ba3d1675; Credits...
PT-2024-13488
Name of the Vulnerable Software and Affected Versions: Automattic Jetpack versions prior to 12.7 Description: The issue is related to an Improper Restriction of Rendered UI Layers or Frames vulnerability, which allows Clickjacking. Recommendations: For versions prior to 12.7, update to version 12.7 ...
MihanPanel < 12.7 - Cross-Site Request Forgery
Description: The MihanPanel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 12.7. This is due to missing or incorrect nonce validation on the delete and deleteall cases. This makes it possible for unauthenticated attackers to delete IP addresses from the blocked...
BIT-GITLAB-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
PT-2024-14243 · WordPress · Wp Review Slider
Name of the Vulnerable Software and Affected Versions: WP Review Slider versions n/a through 12.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
Input validation
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input...
CVE-2023-6159
Removed by vendor...