EUVD-2020-7562

Malware in sbrugna...

EUVD-2025-3977

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-2303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15....

CVE-2022-22588

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service...

CVE-2020-15576

SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response...

CVE-2020-15573

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421...

CVE-2020-15542

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...

CVE-2025-24892

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

CVE-2025-24892

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

CVE-2025-24892 OpenProject stored HTML injection vulnerability

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

CVE-2025-24892

CVE-2025-24892 affects OpenProject prior to 15.2.1, where the Group Management UI fails to sanitize user input, allowing HTML/script content in groups to be rendered in a project (stored HTML injection). The issue is resolved in OpenProject 15.2.1. If upgrading isn’t possible, a patch is availabl...

CVE-2025-24892 OpenProject stored HTML injection vulnerability

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

CVE-2024-40492

Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function...

PT-2024-28875 · Unknown · Heartbeat Chat

Name of the Vulnerable Software and Affected Versions: Heartbeat Chat version 15.2.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the setname function. This enables the attacker to perform unauthorized actions on the affected system...

BIT-GITLAB-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

BIT-GITLAB-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...

Improper access control

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

CVE-2022-2303

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...