Lucene search
15 matches found

OSV
added 2025/08/18 8:34 a.m. · 2 views

BIT-GITLAB-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 6.4 · EPSS 0.00025
Exploits 0 · References 3
OSV
added 2025/07/24 7:15 a.m. · 1 views

UBUNTU-CVE-2025-1299

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVSS 4.3 · AI score 5.8 · EPSS 0.00071
Exploits 0 · References 4
ATTACKERKB
added 2025/07/10 8:30 a.m. · 0 views

CVE-2025-6948

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

CVSS 8.7 · AI score 5.9 · EPSS 0.00202
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/07/10 12:0 a.m. · 1 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 18.0 through 18.0.4 and 18.1 through 18.1.2, which stems from an authentication maintainer potentially bypassing...

CVSS 2.7 · AI score 6.5 · EPSS 0.00067
Exploits 0 · References 4
CNNVD
added 2025/07/10 12:0 a.m. · 1 views

GitLab Community Edition and GitLab Enterprise Edition Cross-Site Scripting Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Community Edition and GitLab...

CVSS 8.7 · AI score 8.6 · EPSS 0.00202
Exploits 0 · References 4
RedhatCVE
added 2025/05/22 11:32 p.m. · 2 views

CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4...

CVSS 6.3 · AI score 5.9 · EPSS 0.00206
Exploits 1 · References 1
Cvelist
added 2024/01/25 7:42 p.m. · 19 views

CVE-2024-23817 Dolibarr Application Home Page HTML injection vulnerability

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...

CVSS 7.1 · AI score 6.9 · EPSS 0.00609
Exploits 1 · References 1
CNNVD
added 2024/01/25 12:0 a.m. · 1 views

Dolibarr Security Breach

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in Dolibarr version 18.0.4, which stems from an HTML injection vulnerability in the application's home page that allows an attacker to inject arbitrary...

CVSS 7.1 · AI score 7.1 · EPSS 0.00609
Exploits 1 · References 2
SUSE CVE
added 2023/02/15 4:1 a.m. · 1 views

SUSE CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...

CVSS 3.5 · AI score 4.3 · EPSS 0.00093
Exploits 1 · References 3
OSV
added 2022/05/19 1:55 p.m. · 13 views

CVE-2022-1730 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4...

CVSS 6.3 · AI score 6 · EPSS 0.00206
Exploits 1 · References 4
Positive Technologies
added 2022/05/19 12:0 a.m. · 1 views

PT-2022-14079 · Jgraph · Jgraph/Drawio

Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 18.0.4. Description: The issue is related to Cross-site Scripting (XSS) - Stored. This means that an attacker can inject malicious scripts into a website, which are then stored on the server and executed by other...

CVSS 6.3 · AI score 5 · EPSS 0.00206
Exploits 1 · References 5
Positive Technologies
added 2022/05/16 12:0 a.m. · 3 views

PT-2022-14065 · Jgraph · Jgraph/Drawio

Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 18.0.4. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability on the /proxy endpoint in the jgraph/drawio GitHub repository. This allows an attacker to make a request as the serve...

CVSS 7.5 · AI score 7.4 · EPSS 0.89347
Exploits 1 · References 6
CNNVD
added 2022/05/16 12:0 a.m. · 2 views

JGraph draw.io Code Issue Vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.4. An attacker could exploit the vulnerability to make a request through the server and read its contents, which could lead to the...

CVSS 7.5 · AI score 7.4 · EPSS 0.89347
Exploits 1 · References 3
OPENSUSE Linux
added 2020/05/22 12:0 a.m. · 121 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0670-1 Rating: moderate References: 1171572 1171579 Cross-References: CVE-2020-8154 CVE-2020-8155 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description:...

CVSS 7.7 · AI score 7 · EPSS 0.00964
Exploits 1 · References 2
OPENSUSE Linux
added 2020/05/17 12:0 a.m. · 77 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0667-1 Rating: moderate References: 1084320 1171572 1171579 Cross-References: CVE-2020-8154 CVE-2020-8155 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that solves two...

CVSS 7.7 · AI score 7 · EPSS 0.00964
Exploits 1 · References 3