
20 matches found

Positive Technologies
added 2026/03/18 12:0 a.m. · 3 views

PT-2026-26157

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-48077

Malicious code in bioql PyPI...

5 CVSS · 6.4 AI score · 0.00076 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/19 12:0 a.m. · 2 views

PT-2025-3959 · Epic Games · Epic Games Launcher

Name of the Vulnerable Software and Affected Versions: Epic Games Launcher versions up to 17.2.1
Description: A vulnerability was found in the Epic Games Launcher, affecting the library profapi.dll of the component Installer. The issue leads to an untrusted search path. Local attack is required,...

4.5 CVSS · 6.9 AI score · 0.00063 EPSS
Exploits: 0 · References: 8

CNNVD
added 2025/01/19 12:0 a.m. · 1 view

Epic Games Launcher Code Issue Vulnerability

Epic Games Launcher is a game software launcher from Epic Games USA. A code issue vulnerability exists in Epic Games Launcher version 17.2.1 and earlier, which stems from code in the profapi.dll library in the component Installer that can lead to untrusted search paths...

4.5 CVSS · 5.1 AI score · 0.00063 EPSS
Exploits: 0 · References: 4

Packet Storm
added 2024/09/24 12:0 a.m. · 462 views

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

Document Title: Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass
Release Date: 2024-09-24
Affected Products: Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0
References: VIDEO...

7.4 AI score
Exploits: 0

0day.today
added 2024/09/24 12:0 a.m. · 1107 views

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Vulnerabilities

A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and...

6.9 AI score
Exploits: 0

OSV
added 2024/07/25 12:30 a.m. · 15 views

CVE-2024-7057 Improper Access Control in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

4.3 CVSS · 5.9 AI score · 0.00248 EPSS
Exploits: 0 · References: 5

CVE
added 2024/07/25 12:30 a.m. · 76 views

CVE-2024-7047

CVE-2024-7047 is a cross-site scripting vulnerability in GitLab CE/EE. Concrete details from multiple sources show the issue arises from improper neutralization/protection of input in web page generation, allowing an attacker to execute scripts in the context of the currently logged-in user. Affe...

7.7 CVSS · 7.2 AI score · 0.00103 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2024/07/25 12:30 a.m. · 13 views

CVE-2024-7047

Removed by vendor...

7.7 CVSS · 5.8 AI score · 0.00103 EPSS
Exploits: 0

Debian CVE
added 2024/07/24 10:8 p.m. · 14 views

CVE-2024-5067

Removed by vendor...

4.9 CVSS · 5.8 AI score · 0.00116 EPSS
Exploits: 1

OSV
added 2024/07/24 10:8 p.m. · 9 views

CVE-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...

4.4 CVSS · 6.5 AI score · 0.00116 EPSS
Exploits: 1 · References: 7

Tenable Nessus
added 2024/07/24 12:0 a.m. · 33 views

GitLab 16.11 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-5067)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level...

4.9 CVSS · 5.6 AI score · 0.00116 EPSS
Exploits: 1 · References: 6

Tenable Nessus
added 2024/07/24 12:0 a.m. · 16 views

GitLab 16.7 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-7057)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job...

4.3 CVSS · 5.6 AI score · 0.00248 EPSS
Exploits: 0 · References: 4

Apple
added 2023/12/19 12:0 a.m. · 25 views

Apple Security Update: iOS 17.2.1

Apple recommends installing the iOS 17.2.1 security update on iPhone XS and later devices...

6.7 AI score
Exploits: 0 · References: 1 · Affected Software: 1

Apple
added 2023/12/19 12:0 a.m. · 452 views

Apple Security Update: Safari 17.2.1

Apple recommends installing the Safari 17.2.1 security update on macOS Monterey and macOS Ventura devices...

6.8 AI score
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/07/15 4:15 p.m. · 0 views

CVE-2022-34245

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

7.8 CVSS · 7.6 AI score
Exploits: 0 · References: 1

OSV
added 2022/06/16 5:15 p.m. · 0 views

CVE-2022-30661

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

7.8 CVSS · 7.6 AI score
Exploits: 0 · References: 1

OSV
added 2022/06/16 5:15 p.m. · 0 views

CVE-2022-30662

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 7.6 AI score · 0.02958 EPSS
Exploits: 0 · References: 1

OSV
added 2022/06/16 5:15 p.m. · 0 views

CVE-2022-30658

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

7.8 CVSS · 7.6 AI score
Exploits: 0 · References: 1

OSV
added 2022/06/16 5:15 p.m. · 0 views

CVE-2022-30659

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 7.6 AI score
Exploits: 0 · References: 1