Lucene search

24 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. · 6 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 6.1 · AI score 6 · EPSS 0.00203
Exploits: 1 · References: 1

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-0123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL...

CVSS 6.8 · AI score 6.4 · EPSS 0.00083
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 10:47 a.m. · 6 views

CVE-2024-52701

A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

CVSS 5.4 · AI score 5.5 · EPSS 0.00914
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 9:6 a.m. · 1 views

CVE-2024-46605

A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVSS 6.1 · AI score 6 · EPSS 0.00118
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 11:25 p.m. · 4 views

CVE-2022-0090

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00271
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-35414 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo version 14.5.0 Description: A stored cross-site scripting XSS issue in the Configuration page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. This could potential...

CVSS 5.4 · AI score 6.1 · EPSS 0.00914
Exploits: 1 · References: 6

CNNVD
added 2024/11/20 12:0 a.m. · 2 views

Piwigo security vulnerability

Piwigo is a set of open-source, web-based image library software from Piwigo. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version v14.5.0, which stems from the presence of a stored...

CVSS 5.4 · AI score 5.5 · EPSS 0.00914
Exploits: 1 · References: 1

CNNVD
added 2024/10/16 12:0 a.m. · 1 views

Piwigo security vulnerability

Piwigo is a set of open-source, web-based image library software from Piwigo. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version v14.5.0 that stems from vulnerability to a cross-site...

CVSS 5.4 · AI score 6 · EPSS 0.00291
Exploits: 1 · References: 2

Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-31963 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo version 14.5.0 Description: The issue is an authenticated cross-site scripting XSS vulnerability that allows attackers to execute arbitrary web scripts or HTML. This is achieved by injecting a crafted payload into the Album Name...

CVSS 4.8 · AI score 6 · EPSS 0.00208
Exploits: 1 · References: 6

Vulnrichment
added 2024/09/27 12:0 a.m. · 9 views

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

AI score 5.8 · EPSS 0.00208
Exploits: 1 · References: 1

CNNVD
added 2024/09/27 12:0 a.m. · 1 views

Piwigo security vulnerability

Piwigo is a set of open-source, web-based image library software from Piwigo. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version v14.5.0, which stems from vulnerability to cross-site...

CVSS 4.8 · AI score 6.1 · EPSS 0.00208
Exploits: 1 · References: 2

OSV
added 2024/03/06 11:17 a.m. · 14 views

BIT-GITLAB-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3 · AI score 4.6 · EPSS 0.00143
Exploits: 0 · References: 3

OSV
added 2023/07/11 10:46 p.m. · 22 views

GHSA-PH6G-P72V-PC3P Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Impact A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query...

CVSS 9.8 · AI score 9.7 · EPSS 0.07112
Exploits: 0 · References: 4

Prion
added 2023/07/11 6:15 p.m. · 14 views

Deserialization of untrusted data

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query parameter,...

CVSS 7.5 · AI score 9.8 · EPSS 0.07112
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/07/11 5:49 p.m. · 13 views

CVE-2023-36825 Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query parameter,...

CVSS 9.6 · AI score 9.8 · EPSS 0.07112
Exploits: 0 · References: 2

CNNVD
added 2023/07/11 12:0 a.m. · 2 views

Orchid code issue vulnerability

Orchid is a Laravel package that allows rapid development of backend applications, admin/user panels and dashboards. A code issue vulnerability exists in Orchid versions prior to 14.5.0 that stems from the presence of untrusted data deserialization, which could lead to remote code execution...

CVSS 9.8 · AI score 8.8 · EPSS 0.07112
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/11 12:0 a.m. · 2 views

PT-2023-3609 · Orchid · Orchid

Name of the Vulnerable Software and Affected Versions: Orchid versions 14.0.0-alpha4 through 14.4.x Description: A vulnerability is present in the Orchid package, related to the deserialization of untrusted data from the state query parameter, which can result in remote code execution. The issue...

CVSS 9.8 · AI score 9.8 · EPSS 0.07112
Exploits: 0 · References: 7

Positive Technologies
added 2022/07/01 12:0 a.m. · 1 views

PT-2022-13006 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.2 Description: An issue has been discovered in GitLab where the Autocomplete attribute of fields related to sensitive information wa...

CVSS 6.1 · AI score 5.8 · EPSS 0.00203
Exploits: 1 · References: 7

Positive Technologies
added 2022/03/28 12:0 a.m. · 2 views

PT-2022-13253 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4.0 through 14.4.3 GitLab CE/EE versions 14.5.0 through 14.5.1 Description: An issue has been discovered in GitLab CE/EE that allows unprivileged users to add other users to group...

CVSS 6.5 · AI score 6.1 · EPSS 0.00126
Exploits: 1 · References: 11

Cvelist
added 2022/01/18 4:52 p.m. · 13 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

CVSS 4.3 · AI score 5.1 · EPSS 0.00269
Exploits: 0 · References: 3