
43 matches found

Github Security Blog
added 2026/01/13 8:37 p.m. · 5 views

TYPO3 CMS Allows Broken Access Control in Redirects Module

Problem: Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record - without restriction to the user's own file‑mounts or web‑mounts. This allowed attackers to insert or alter redirects pointing to...

CVSS 6.4 · AI score 6.9 · EPSS 0.00013
Exploits: 0 · References: 7 · Affected software: 1
Snyk
added 2026/01/13 1:06 p.m. · 2 views

Missing Authorization

Overview: typo3/cms-recycler is a TYPO3 component to restore deleted records or remove them from the database permanently. Affected versions of this package are vulnerable to Missing Authorization via the recycler module. An attacker can delete arbitrary data from any database table defined in the...

CVSS 8.1 · AI score 6.8 · EPSS 0.0002
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/18 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...

CVSS 7.7 · AI score 6.7 · EPSS 0.00223
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/27 6:37 p.m. · 14 views

CVE-2024-3330 Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, and Spotfire Spotfire for AWS Marketplace. In the case of the installed Windows client: successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires human interaction fr...

CVSS 9.9 · AI score 7.3 · EPSS 0.00327
Exploits: 0 · References: 1
NVD
added 2024/05/23 1:15 p.m. · 8 views

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

CVSS 7.6 · AI score 7.3 · EPSS 0.00211
Exploits: 0 · References: 2
OSV
added 2024/05/23 12:53 p.m. · 2 views

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

CVSS 7.6 · AI score 6.1 · EPSS 0.00211
Exploits: 0 · References: 4
Cvelist
added 2024/05/23 12:53 p.m. · 13 views

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

CVSS 7.6 · AI score 7.3 · EPSS 0.00211
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/23 12:53 p.m. · 10 views

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

CVSS 7.6 · AI score 6 · EPSS 0.00211
Exploits: 0 · References: 2
Tenable Nessus
added 2024/05/17 12:00 a.m. · 29 views

GitLab < 13.11.6 (CVE-2021-22228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...

CVSS 6.5 · AI score 6.4 · EPSS 0.00231
Exploits: 1 · References: 4
Positive Technologies
added 2024/04/09 12:00 a.m. · 2 views

PT-2024-2851 · Adobe · Bridge

Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 13.0.6, 14.0.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations...

CVSS 5.5 · AI score 6.3 · EPSS 0.00027
Exploits: 0 · References: 6
NCSC
added 2024/03/14 12:00 a.m. · 4 views

Vulnerabilities fixed in Adobe Bridge

Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

CVSS 7.8 · AI score 7.4 · EPSS 0.02059
Exploits: 0
OpenVAS
added 2024/03/14 12:00 a.m. · 23 views

Adobe Bridge Multiple Vulnerabilities (APSB24-15) - Windows

The Adobe Bridge device is missing a security update announced via the apsb24-15 advisory. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

CVSS 7.8 · AI score 7 · EPSS 0.02059
Exploits: 0 · References: 1
OSV
added 2024/03/06 11:19 a.m. · 21 views

BIT-GITLAB-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...

CVSS 7.1 · AI score 6.2 · EPSS 0.00374
Exploits: 0 · References: 4
OSV
added 2024/03/06 11:19 a.m. · 22 views

BIT-GITLAB-2021-22230

Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2...

CVSS 7.2 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 3
OSV
added 2024/03/06 11:19 a.m. · 14 views

BIT-GITLAB-2021-22232

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...

CVSS 5.4 · AI score 5.5 · EPSS 0.00128
Exploits: 0 · References: 4
Positive Technologies
added 2024/01/25 12:00 a.m. · 2 views

PT-2024-19972 · Symantec · Symantec Data Loss Prevention

Name of the Vulnerable Software and Affected Versions: Symantec Data Loss Prevention versions 14.0.2 and earlier Description: A buffer overflow issue exists, allowing a remote, unauthenticated attacker to exploit it by enticing a user to open a crafted document, which can lead to code execution...

CVSS 9.6 · AI score 8.9 · EPSS 0.02375
Exploits: 0 · References: 6
Tenable Nessus
added 2024/01/03 12:00 a.m. · 30 views

GitLab 11.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22223)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

CVSS 6.1 · AI score 6.4 · EPSS 0.00185
Exploits: 0 · References: 4
CNNVD
added 2023/07/12 12:00 a.m. · 1 view

DigiExam security vulnerability

DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...

CVSS 9.8 · AI score 8.4 · EPSS 0.00938
Exploits: 1 · References: 3
UbuntuCve
added 2021/08/20 6:15 p.m. · 28 views

CVE-2021-22246

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...

CVSS 7.7 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 4
Positive Technologies
added 2021/08/05 12:00 a.m. · 2 views

PT-2021-6695 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 Description: The issue is related to improper authorization in GitLab, allowing a remote attacker to impact data integrity. It is also described as an improper access control issue, enabling use...

CVSS 4.3 · AI score 4.3 · EPSS 0.00226
Exploits: 0 · References: 9