Astra Linux - уязвимость в ceph

A flaw was discovered in OpenStack Manilla that manages Ceph File systems’ shares. This flaw allows the owner to read/write any share or entire file system. The vulnerability stems from a bug in the “volumes” plugin of the Ceph Manager. This allows attackers to compromise the confidentiality and...

CVE-2026-31832

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

GHSA-RHCG-3H8R-V6VP Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Description A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership...

EUVD-2026-10934

Umbraco Backoffice API Allows Unauthorized Modification of Domain Data...

EUVD-2026-10935

Umbraco Backoffice API Allows Unauthorized Modification of Domain Data...

GHSA-FPVF-FVP5-996R Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Description A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by insufficient authorization enforcement on the affected API...

CVE-2026-31834

Umbraco CMS (ASP.NET) versions affected: 15.3.1 up to before 16.5.1 and 17.2.2. A privilege escalation vulnerability exists where authenticated backoffice users with permission to manage users may elevate privileges during modification of user group memberships due to insufficient authorization c...

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

Umbraco 跨站脚本漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 16.2.0 to 16.5.1 and before 17.2.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the ability to inject malicious HTML in attribute type...

Umbraco 安全漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 15.3.1 to 16.5.1 and before, as well as versions prior to 17.2.2, have security vulnerabilities. These vulnerabilities stem from insufficient authorization when modifying...

PT-2026-24487

Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

Linux Distros Unpatched Vulnerability : CVE-2024-6329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2...

XWiki Platform 输入验证错误漏洞

XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. An input validation error vulnerability exists in XWiki Platform versions 17.0.0-rc1 through 17.2.2 and 16.10.5 and earlier, which stems from an uncleaned SQL query and could lead to a SQL...

Issuetrak 安全漏洞

Issuetrak is an issue tracking software from Issuetrak, Inc. A security vulnerability exists in Issuetrak v17.2.2 and prior versions, which stems from an insecure direct object reference in the auditing component that could lead to a low-privileged user accessing another user's audit results,...

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to projects that the malicious party is not initially authorized to access. GitL...

BIT-GITLAB-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

CVE-2024-3114

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

UBUNTU-CVE-2024-3958

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVE-2024-4207

Removed by vendor...