20 matches found
EUVD-2025-24597
Malicious code in bioql PyPI...
BIT-GITLAB-2024-10219 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
GitLab 11.6 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-2614)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial ...
CVE-2025-1477
Removed by vendor...
CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...
CVE-2025-2498
Removed by vendor...
CVE-2025-2614 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resourc...
CVE-2025-2614
Removed by vendor...
CVE-2025-2937
Removed by vendor...
Linux Distros Unpatched Vulnerability : CVE-2025-4700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific...
CVE-2025-4700
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...
PT-2025-30634 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 18.0.4; GitLab EE versions 18.1 through 18.1.2; GitLab EE versions 18.2 through 18.2.0. Description: An issue exists in GitLab EE that, under certain circumstances, could allow an attacker to access internal notes...
CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
CVE-2022-1711
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.5...
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
PT-2022-14073 · Drawio · Drawio
Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5 Description: The issue is related to a Server-Side Request Forgery SSRF in the editor's proxy via an IPv6 link-local address. This allows for SSRF to internal link-local IPv6 addresses. Recommendations: For...
PT-2022-14072 · Drawio · Drawio
Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5 Description: The issue allows for path traversal in the WellKnownServlet, enabling the reading of local files of the web application. This can potentially lead to sensitive information disclosure...
JGraph draw.io Path Traversal Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.5, which stems from a path traversal vulnerability in WellKnownServlet. An attacker could use this vulnerability to read local files of ...