
19 matches found

Nuclei
added yesterday · 5 views

XWiki DeleteApplication - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...

CVSS 6.5 · AI score 5.4 · EPSS 0.00129
Exploits 1 · References 2
CNNVD
added 2025/12/10 12:0 a.m. · 1 view

XWiki Rendering security vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions 16.10.9 and earlier, 17.0.0-rc-1 through 17.4.2, and...

CVSS 8.8 · AI score 7.8 · EPSS 0.00678
Exploits 1 · References 8
Snyk
added 2025/10/06 8:16 p.m. · 1 view

SQL Injection

Overview org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL...

CVSS 9.8 · AI score 8 · EPSS 0.00342
Exploits 0 · References 2
OSV
added 2025/10/06 2:53 p.m. · 3 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3 · AI score 6.9 · EPSS 0.00342
Exploits 0 · References 6
CNNVD
added 2025/10/06 12:0 a.m. · 1 view

XWiki Platform SQL injection vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 4.3-milestone-1 through 16.10.9, 17.4.2, and prior to 17.5.0, which stems from an HQL injection in the orderField parameter an...

CVSS 9.3 · AI score 7.5 · EPSS 0.00342
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-49515

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.5 · EPSS 0.00067
Exploits 0 · References 2
Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-8667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.3 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

CVSS 7.5 · AI score 7 · EPSS 0.00017
Exploits 0 · References 17
NVD
added 2024/10/11 1:15 p.m. · 21 views

CVE-2024-9164

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches...

CVSS 9.6 · EPSS 0.00151
Exploits 0 · References 2
CVE
added 2024/10/11 12:30 p.m. · 76 views

CVE-2024-8970

GitLab CE/EE vulnerable in multiple versions (11.6–17.2.9, 17.3–17.3.5, 17.4–17.4.2) where an attacker could trigger a pipeline as another user under certain conditions. Affected projects include GitLab CE/EE; the issue is addressed in updated releases. Public references point to GitLab issues an...

CVSS 8.8 · AI score 7.9 · EPSS 0.00067
Exploits 0 · References 2 · Affected Software 1
CVE
added 2024/10/11 11:30 a.m. · 95 views

CVE-2024-5005

GitLab CVE-2024-5005 affects GitLab EE/CE with version ranges: 11.4–17.2.8, 17.3–17.3.4, and 17.4–17.4.1. Affects guests who could disclose project templates via the API. The issue is fixed in GitLab in the following patched releases: 17.2.9, 17.3.5, and 17.4.2. If you are using any vulnerable ve...

CVSS 4.3 · AI score 4.3 · EPSS 0.00087
Exploits 1 · References 2 · Affected Software 1
CVE
added 2024/10/11 11:30 a.m. · 127 views

CVE-2024-9164

The CVE-2024-9164 entry affects GitLab Enterprise Edition. The issue allows running pipelines on arbitrary branches across all versions starting from 12.5 up to but not including 17.2.9, from 17.3 up to but not including 17.3.5, and from 17.4 up to but not including 17.4.2. The underlying problem...

CVSS 9.6 · AI score 9.2 · EPSS 0.00151
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/10/11 11:30 a.m. · 9 views

CVE-2024-9164 Missing Authentication for Critical Function in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches...

CVSS 9.6 · AI score 9.3 · EPSS 0.00151
Exploits 0 · References 5
CNNVD
added 2024/10/10 12:0 a.m. · 1 view

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab version 17.1 up to and including...

CVSS 7.3 · AI score 6.4 · EPSS 0.01391
Exploits 0 · References 4
Tenable Nessus
added 2024/10/10 12:0 a.m. · 17 views

GitLab 8.16 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-9623)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys ...

CVSS 6.5 · AI score 5.5 · EPSS 0.00028
Exploits 0 · References 3
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-7212 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.2.9 GitLab EE versions 17.3 through 17.3.5 GitLab EE versions 17.4 through 17.4.2 Description: An issue has been discovered in GitLab EE, allowing an unauthenticated attacker to determine the GitLab version...

CVSS 5.3 · AI score 7.1 · EPSS 0.00131
Exploits 0 · References 12
Positive Technologies
added 2024/08/10 12:0 a.m. · 3 views

PT-2024-7210 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 Description: An issue was discovered in GitLab CE/EE, which allows deploy keys to push to an archived repository. Th...

CVSS 6.8 · AI score 6.6 · EPSS 0.00028
Exploits 0 · References 16
Positive Technologies
added 2024/07/05 12:0 a.m. · 2 views

PT-2024-7224 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 17.1 through 17.2.9 GitLab versions 17.3 through 17.3.5 GitLab versions 17.4 through 17.4.2 Description: A cross-site scripting issue has been discovered in GitLab. The issue is related to the lack of protection of the web pag...

CVSS 8.5 · AI score 5.5 · EPSS 0.01391
Exploits 0 · References 15
Prion
added 2023/12/13 10:15 a.m. · 14 views

Null pointer dereference

Adobe InDesign versions 19.0 and earlier and 17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requir...

CVSS 1.9 · AI score 6.5 · EPSS 0.00086
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/11/16 12:0 a.m. · 3 views

PT-2023-20620 · Adobe · Incopy

Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 18.5 and earlier Adobe InCopy versions 17.4.2 and earlier Description: The issue is related to an out-of-bounds read when parsing a crafted file, potentially allowing an attacker to execute code in the context of the...

CVSS 7.8 · AI score 7.4 · EPSS 0.00113
Exploits 0 · References 2