36 matches found

RedhatCVE
added 3 days ago · 5 views

CVE-2026-40889

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVSS 6.5 · AI score 5.5 · EPSS 0.00036
Exploits 0 · References 1
NVD
added 2026/04/21 8:17 p.m. · 2 views

CVE-2026-40889

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVSS 6.5 · EPSS 0.00036
Exploits 0 · References 3
Cvelist
added 2026/04/21 7:32 p.m. · 26 views

CVE-2026-40889 Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVSS 6.5 · EPSS 0.00036
Exploits 0 · References 3
Vulnrichment
added 2026/04/21 7:32 p.m. · 0 views

CVE-2026-40889 Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVSS 6.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 3
CVE
added 2026/04/21 7:32 p.m. · 4 views

CVE-2026-40889

CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files. Before versions 15.58.2 and 16.4.2, authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...

CVSS 6.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2026/04/21 12:00 a.m. · 3 views

PT-2026-34059

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVSS 6.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 4
CNNVD
added 2024/08/12 12:00 a.m. · 2 views

OpenText Directory Services Security Vulnerability

OpenText Directory Services (OTDS) is an information management solution from OpenText Canada Inc. that integrates OpenText products and solutions with the company's enterprise directory infrastructure. A security vulnerability exists in OpenText Directory Services version 16.4.2 through versions prior ...

CVSS 9.8 · AI score 6.5 · EPSS 0.00424
Exploits 0 · References 2
Positive Technologies
added 2024/08/12 12:00 a.m. · 3 views

PT-2024-15250 · Opentext · Opentext Directory Services

Name of the Vulnerable Software and Affected Versions: OpenText Directory Services versions 16.4.2 through 24.1. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows Path Travers...

CVSS 9.8 · AI score 7 · EPSS 0.00424
Exploits 0 · References 5
OSV
added 2024/03/06 11:06 a.m. · 290 views

BIT-GITLAB-2023-3246 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1, which allows attackers to block the Sidekiq job processor...

CVSS 4.3 · AI score 4.5 · EPSS 0.00048
Exploits 0 · References 3
OSV
added 2024/03/06 10:55 a.m. · 163 views

BIT-GITLAB-2023-5963 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators...

CVSS 4.3 · AI score 4 · EPSS 0.00014
Exploits 0 · References 2
Tenable Nessus
added 2023/11/13 12:00 a.m. · 27 views

GitLab 10.3 < 16.3.6 / 16.4.0 < 16.4.2 / 16.5.0 < 16.5.1 (CVE-2023-3246)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1, which allows an...

CVSS 4.3 · AI score 5.1 · EPSS 0.00048
Exploits 0 · References 4
Vulnrichment
added 2023/11/06 5:30 p.m. · 15 views

CVE-2023-4700 Missing Authorization in GitLab

An authorization issue in GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1 allowed a user to run jobs in protected environments, bypassing any required approvals...

CVSS 3.5 · AI score 4.9 · EPSS 0.00006
Exploits 0 · References 2
Prion
added 2023/11/06 1:15 p.m. · 24 views

Design/Logic Flaw

An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1, which allows attackers to block the Sidekiq job processor...

CVSS 4 · AI score 6.7 · EPSS 0.00048
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/11/06 1:15 p.m. · 1 view

UBUNTU-CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVSS 6.5 · AI score 5.7 · EPSS 0.00023
Exploits 0 · References 2
OSV
added 2023/11/06 12:08 p.m. · 13 views

CVE-2023-3909 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVSS 4.3 · AI score 6.3 · EPSS 0.00023
Exploits 0 · References 5
CVE
added 2023/11/06 10:30 a.m. · 238 views

CVE-2023-5825

GitLab CE/EE CVE-2023-5825 affects 16.2–16.3.5, 16.4.0–16.4.1, and 16.5.0 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path, causing memory exhaustion via an infinite loop and Denial of Service. Impact: availability only. Remediation: upgrade to GitLab 16.3...

CVSS 6.5 · AI score 6.3 · EPSS 0.00478
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/11/06 12:00 a.m. · 2 views

PT-2023-23803 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions prior to 16.3.6; GitLab EE/CE versions 16.4.0 through 16.4.1; GitLab EE/CE version 16.5.0. Description: An issue has been discovered in GitLab EE/CE that allows attackers to block the Sidekiq job processor. Recommendations...

CVSS 4.3 · AI score 6.5 · EPSS 0.00048
Exploits 0 · References 12
CNVD
added 2022/09/19 12:00 a.m. · 28 views

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2023-05235)

Adobe InCopy is an application from Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and earlier versions are affected by a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

CVSS 7.8 · AI score 6.5 · EPSS 0.00127
Exploits 0 · References 1
OSV
added 2022/09/16 6:15 p.m. · 1 view

CVE-2022-38415

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 · AI score 6.3 · EPSS 0.00127
Exploits 0 · References 1
OSV
added 2022/09/16 6:15 p.m. · 1 view

CVE-2022-38414

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 · AI score 6.3
Exploits 0 · References 1