CVE-2026-40104

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

CVE-2026-33229

XWiki Platform (before versions 17.4.8 and 17.10.1) contains an improperly protected Velocity scripting API that lets any user with script right bypass the sandbox and execute code (e.g., arbitrary Python scripts), granting full access to the instance and compromising confidentiality, integrity, ...

EUVD-2024-54321

Malicious code in bioql PyPI...

EUVD-2024-54320

Malicious code in bioql PyPI...

CVE-2024-10307

An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request...

UBUNTU-CVE-2024-12619

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...

UBUNTU-CVE-2024-10307

An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request...

CVE-2024-12619 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...

GitLab 17.7 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-0811)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site...

UBUNTU-CVE-2025-2255

An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks XSS. for AppSec...

CVE-2025-2255 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks XSS. for AppSec...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab Enterprise Edition EE and GitLab Community Edition ...

GitLab 代码注入漏洞

GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A code injection vulnerability exists in GitLab versions prior to 17.10.1,...

PT-2025-13455 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 17.8.5 GitLab CE/EE versions 17.9 through 17.9.2 GitLab CE/EE versions 17.10 through 17.10.0 Description: An issue has been discovered in GitLab CE/EE, allowing internal users to gain unauthorized access to...

RedHunt OS - Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-17.10.1...