
17 matches found

Positive Technologies
added 2026/02/19 12:0 a.m. · 4 views

PT-2026-20947

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...

7.5 CVSS · 5.6 AI score · 0.00014 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/02/07 12:0 a.m. · 2 views

PT-2024-14946 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 16.6.6; GitLab CE/EE versions 16.7 through 16.7.4; GitLab CE/EE versions 16.8 through 16.8.1. Description: A denial of service issue was identified in GitLab CE/EE, which allows an attacker to increase the...

7.5 CVSS · 6.6 AI score · 0.02834 EPSS
Exploits: 0 · References: 15

NVD
added 2024/01/26 2:15 a.m. · 19 views

CVE-2023-5612

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled...

5.3 CVSS · 4.9 AI score · 0.25617 EPSS
Exploits: 3 · References: 3

Prion
added 2024/01/26 2:15 a.m. · 19 views

Input validation

An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input...

4 CVSS · 6.6 AI score · 0.0057 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2024/01/26 2:2 a.m. · 20 views

CVE-2023-6159

Removed by vendor...

6.5 CVSS · 6.6 AI score · 0.0057 EPSS
Exploits: 0

OSV
added 2024/01/26 1:2 a.m. · 22 views

CVE-2024-0456 Direct Request ('Forced Browsing') in GitLab

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...

4.3 CVSS · 4.7 AI score · 0.00159 EPSS
Exploits: 0 · References: 5

Debian CVE
added 2024/01/26 1:2 a.m. · 65 views

CVE-2024-0402

Removed by vendor...

9.9 CVSS · 7.5 AI score · 0.4459 EPSS
Exploits: 0

CNNVD
added 2024/01/26 12:0 a.m. · 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE version 12.7 up to and includin...

6.5 CVSS · 6.9 AI score · 0.0057 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/01/26 12:0 a.m. · 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab versions prior to 16.6.6, 16.7 throug...

5.3 CVSS · 6.8 AI score · 0.25617 EPSS
Exploits: 3 · References: 5

Tenable Nessus
added 2024/01/25 12:0 a.m. · 26 views

GitLab 13.7 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-5933)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary...

6.4 CVSS · 6.2 AI score · 0.10356 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/01/25 12:0 a.m. · 1 views

PT-2024-1483 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 16.6.5; GitLab CE/EE versions 16.7 through 16.7.3; GitLab CE/EE versions 16.8 through 16.8.0. Description: An issue has been discovered in GitLab CE/EE due to improper input sanitization of the user name,...

8.5 CVSS · 7.5 AI score · 0.10356 EPSS
Exploits: 0 · References: 14

Patchstack
added 2023/10/13 12:0 a.m. · 12 views

WordPress Gutenberg Plugin <= 16.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Gutenberg · Type: Plugin · Vulnerable versions: <= 16.8.0 · Fixed in: 16.8.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-38000 · Patch priority: Medium · CVSS severity: Medium (6.5) · PSID: fc1d5fbe52a2 · Credits: Rafie Muhammad (Patchstack) · Required...

6.5 CVSS · 6.4 AI score · 0.00347 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/09/20 6:30 a.m. · 2 views

GHSA-9PV7-VFVM-6VR7 graphql Uncontrolled Resource Consumption vulnerability

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

5.3 CVSS · 6.4 AI score · 0.0214 EPSS
Exploits: 1 · References: 7

Vulnrichment
added 2018/06/07 12:0 p.m. · 0 views

CVE-2018-0315

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition...

6.3 AI score · 0.09465 EPSS
Exploits: 0 · References: 3

Packet Storm
added 2018/03/23 12:0 a.m. · 18 views

WM Recorder 16.8.1 Denial Of Service

#!/usr/bin/python · Exploit Author: bzyo · Twitter: @bzyo · Exploit Title: WM Recorder 16.8.1 - Denial of Service · Date: 03-20-2018 · Vulnerable Software: WM Recorder 16.8.1 · Vendor Homepage: http://wmrecorder.com/home/ · Version: 16.8.1 · Software Link: http://wmrecorder.com/download/wm-recorder/ · Tested On:...

7.1 AI score
Exploits: 0

exploitpack
added 2018/03/23 12:0 a.m. · 11 views

WM Recorder 16.8.1 - Denial of Service

WM Recorder 16.8.1 - Denial of Service · #!/usr/bin/python · Exploit Author: bzyo · Twitter: @bzyo · Exploit Title: WM Recorder 16.8.1 - Denial of Service · Date: 03-20-2018 · Vulnerable Software: WM Recorder 16.8.1 · Vendor Homepage: http://wmrecorder.com/home/ · Version: 16.8.1 · Software Link:...

0.3 AI score
Exploits: 0

Exploit DB
added 2018/03/23 12:0 a.m. · 25 views

WM Recorder 16.8.1 - Denial of Service

#!/usr/bin/python · Exploit Author: bzyo · Twitter: @bzyo · Exploit Title: WM Recorder 16.8.1 - Denial of Service · Date: 03-20-2018 · Vulnerable Software: WM Recorder 16.8.1 · Vendor Homepage: http://wmrecorder.com/home/ · Version: 16.8.1 · Software Link: http://wmrecorder.com/download/wm-recorder/ · Tested On:...

7.4 AI score
Exploits: 0