30 matches found

OSV
added 2026/05/18 1:36 p.m. · 3 views

CLEANSTART-2026-MM00120 Security fixes for CVE-2024-47535, CVE-2024-47561, CVE-2024-7254, CVE-2025-24970, CVE-2025-25193, CVE-2025-33042, CVE-2025-48924, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2026-41417, ghsa-3pxv-7cmr-fjr4, ghsa-445c-vh5m-36rj, ghsa-6hg6-v5c8-fphq, ghsa-72hv-8253-57qq, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 13.8-r0, 13.9-r0

Multiple security vulnerabilities affect the wavefront-proxy package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.2 · AI score 7 · EPSS 0.00953
Exploits 8 · References 33
EUVD
added 2026/03/25 6:31 p.m. · 1 view

EUVD-2026-15833

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through = 13.9...

CVSS 6.5 · AI score 5.8 · EPSS 0.00045
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-9372

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00191
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-9347

Malicious code in bioql PyPI...

CVSS 9.6 · AI score 7.9 · EPSS 0.0899
Exploits 1 · References 4
OSV
added 2024/08/08 10:30 a.m. · 9 views

CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVSS 4.9 · AI score 6.5 · EPSS 0.00046
Exploits 0 · References 4
Debian CVE
added 2024/08/08 10:30 a.m. · 13 views

CVE-2024-7554

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00046
Exploits 0
Positive Technologies
added 2024/08/07 12:0 a.m. · 4 views

PT-2024-5516 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: An issue has been discovered in GitLab CE/EE where access tokens may have been logged when an API reque...

CVSS 6.8 · AI score 6.7 · EPSS 0.00046
Exploits 0 · References 14
Tenable Nessus
added 2024/05/17 12:0 a.m. · 17 views

GitLab 13.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22226)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 CVE-2021-22226 Note that Nessus has not tested for...

CVSS 6.5 · AI score 6.5 · EPSS 0.00191
Exploits 0 · References 3
OSV
added 2024/03/06 10:55 a.m. · 163 views

BIT-GITLAB-2023-5963 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators...

CVSS 4.3 · AI score 4 · EPSS 0.00014
Exploits 0 · References 2
OSV
added 2024/02/08 1:15 p.m. · 1 view

CVE-2024-24877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9...

CVSS 6.1 · AI score 7.3 · EPSS 0.00083
Exploits 0 · References 1
Positive Technologies
added 2024/02/08 12:0 a.m. · 3 views

PT-2024-20633 · Unknown · Wonder Slider Lite

Name of the Vulnerable Software and Affected Versions: Wonder Slider Lite versions through 13.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS. Recommendations: For versions through...

CVSS 7.1 · AI score 9.3 · EPSS 0.00083
Exploits 0 · References 7
Tenable Nessus
added 2024/01/03 12:0 a.m. · 31 views

GitLab 13.8 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22198)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. CVE-2021-22198 Note that...

CVSS 4.3 · AI score 5.1 · EPSS 0.003
Exploits 0 · References 4
Tenable Nessus
added 2024/01/03 12:0 a.m. · 19 views

GitLab 10.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22197)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target...

CVSS 4.3 · AI score 5.1 · EPSS 0.00353
Exploits 0 · References 3
OpenVAS
added 2023/04/26 12:0 a.m. · 15 views

XWiki 13.9-rc-1 < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.7 Information Disclosure Vulnerability (GHSA-vvp7-r422-rx83)

XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 5.3 · AI score 6.1 · EPSS 0.00104
Exploits 1 · References 1
OpenVAS
added 2022/11/11 12:0 a.m. · 13 views

GitLab 13.9 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Information Exposure Vulnerability

GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 5.3 · AI score 5.2 · EPSS 0.00207
Exploits 0 · References 1
Cvelist
added 2022/04/08 7:25 p.m. · 20 views

CVE-2022-24820 Unauthenticated user can list hidden document from multiple velocity templates

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...

CVSS 5.3 · AI score 5.4 · EPSS 0.00119
Exploits 1 · References 2
OSV
added 2022/04/08 7:25 p.m. · 15 views

CVE-2022-24820 Unauthenticated user can list hidden document from multiple velocity templates

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...

CVSS 5.3 · AI score 5.3 · EPSS 0.00119
Exploits 1 · References 4
Positive Technologies
added 2022/04/08 12:0 a.m. · 2 views

PT-2022-16900 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 12.10.11 XWiki Platform versions prior to 13.4.4 XWiki Platform versions prior to 13.9-rc-1 Description: A guest user without the right to view pages of the wiki can still list documents by rendering some...

CVSS 5.3 · AI score 5.1 · EPSS 0.00119
Exploits 1 · References 8
Tenable Nessus
added 2021/11/09 12:0 a.m. · 43 views

GitLab 11.9.x < 13.8.8 / 13.9.x < 13.9.6 / 13.10.x < 13.10.3 Remote Code Execution

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9 through 13.8.8 / 13.9.6 / 13.10.3. This is the result of improper validation of image files by a 3rd-party file parser Exif-Tool, resulting in a remote command execution. No source data...

CVSS 10 · AI score 9.7 · EPSS 0.94467
Exploits 30 · References 3
Prion
added 2021/11/05 12:15 a.m. · 15 views

Improper access control

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...

CVSS 4 · AI score 4.5 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 1