
18 matches found

RedhatCVE
added 2026/03/06 7:45 p.m. · 6 views

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5 · AI score 5.7 · EPSS 0.00886
Exploits: 0 · References: 1

ATTACKERKB
added 2026/03/05 6:22 p.m. · 6 views

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5 · AI score 5.8 · EPSS 0.00886
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/02/05 11:15 a.m. · 2 views

UBUNTU-CVE-2024-5528

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...

CVSS 5.4 · AI score 5.8 · EPSS 0.00379
Exploits: 1 · References: 2

OSV
added 2024/07/19 7:19 a.m. · 184 views

BIT-GITLAB-2024-6595 Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

CVSS 5.3 · AI score 4.4 · EPSS 0.00436
Exploits: 1 · References: 3

Tenable Nessus
added 2024/07/17 12:0 a.m. · 15 views

GitLab 11.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6595)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to...

CVSS 5.3 · AI score 5.6 · EPSS 0.00436
Exploits: 1 · References: 4

NCSC
added 2024/07/11 8:22 a.m. · 7 views

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE. A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment (CI/CD) pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

CVSS 9.8 · AI score 6.8 · EPSS 0.06036
Exploits: 0 · References: 3

CNNVD
added 2024/07/11 12:0 a.m. · 4 views

GitLab CE/EE Security Vulnerabilities

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploiting the...

CVSS 2.7 · AI score 7 · EPSS 0.00349
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/10 12:0 a.m. · 3 views

PT-2024-4667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6 GitLab CE/EE versions 17.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another use...

CVSS 9.8 · AI score 6.7 · EPSS 0.06036
Exploits: 0 · References: 65

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 views

SUSE CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVSS 6.5 · AI score 6.4 · EPSS 0.01536
Exploits: 0 · References: 3

OSV
added 2022/08/23 4:15 p.m. · 2 views

CVE-2022-36394

Authenticated author+ SQL Injection SQLi vulnerability in Contest Gallery plugin = 17.0.4 at WordPress...

CVSS 8.8 · AI score 7.4 · EPSS 0.00737
Exploits: 0 · References: 2

Positive Technologies
added 2022/08/23 12:0 a.m. · 3 views

PT-2022-23351 · WordPress · Contest Gallery

Name of the Vulnerable Software and Affected Versions: Contest Gallery plugin versions = 17.0.4 Description: The issue is an authenticated SQL Injection vulnerability, affecting the Contest Gallery plugin at WordPress. This allows for SQL injection attacks when an attacker has author or higher...

CVSS 8.8 · AI score 8.9 · EPSS 0.00737
Exploits: 0 · References: 5

CNNVD
added 2022/06/09 12:0 a.m. · 2 views

semantic-release Information Disclosure Vulnerability

semantic-release is an open source tool for automating the entire package release workflow, including: determining the next version number, generating release notes and releasing packages. An information disclosure vulnerability exists in semantic-release version 17.0.4, which stems from...

CVSS 7.5 · AI score 7.2 · EPSS 0.01596
Exploits: 0 · References: 8

OpenVAS
added 2020/03/24 12:0 a.m. · 60 views

Nextcloud Server < 16.0.9, 17.x < 17.0.4, 18.0.0 Access Control Vulnerability (NC-SA-2020-015)

Nextcloud Server is prone to an information disclosure vulnerability due to a missing access control check. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS 6.5 · AI score 6.5 · EPSS 0.01536
Exploits: 0 · References: 1

CNVD
added 2020/03/23 12:0 a.m. · 2 views

Nextcloud Server Access Control Error Vulnerability (CNVD-2020-21014)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server versions prior to 18.0.1, 17.0.4 and 16.0.9, which can be exploited by an attacker to downloa...

CVSS 6.5 · AI score 6.8 · EPSS 0.01536
Exploits: 0 · References: 1

Tenable Nessus
added 2014/06/13 12:0 a.m. · 27 views

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0465-1)

MozillaThunderbird was updated to 17.0.4 bnc808243 - MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-207. The...

CVSS 9.3 · AI score 8.3 · EPSS 0.06398
Exploits: 0 · References: 3

OpenVAS
added 2013/11/19 12:0 a.m. · 15 views

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:0431-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 8.5 · EPSS 0.06398
Exploits: 0 · References: 1

OPENSUSE Linux
added 2013/03/15 12:4 p.m. · 29 views

MozillaThunderbird: 17.0.4 release (important)

MozillaThunderbird was updated to 17.0.4 bnc808243 MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor...

CVSS 9.3 · AI score 1.3 · EPSS 0.06398
Exploits: 0 · References: 1

Tenable Nessus
added 2013/03/11 12:0 a.m. · 10 views

Mozilla Thunderbird < 17.0.4 nsHTMLEditor Use-After-Free

The installed version of Thunderbird is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor nsHTMLEditor related to content script and the calling of the function 'document.execCommand' while internal editor operations are...

CVSS 9.3 · AI score 8.8 · EPSS 0.06398
Exploits: 0 · References: 4