52 matches found
Linux Distros Unpatched Vulnerability : CVE-2011-3818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an...
Linux Distros Unpatched Vulnerability : CVE-2022-3818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to...
Debian: Security Advisory (DLA-4189-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian dla-4189 : python-webpy-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4189 advisory. - Debian LTS Advisory DLA-4189-1 https://www.debian.org/lts/security/...
CVE-2021-3818
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking...
CVE-2025-3818
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3818 webpy web.py db.py PostgresDB._process_insert_query sql injection
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3818
CVE-2025-3818 affects webpy (web.py) 0.70, specifically the PostgresDB._process_insert_query in web/db.py. The vulnerability arises from manipulation of the seqname argument, enabling SQL injection that can be exploited remotely. Multiple sources corroborate, including NVD/NVD-derived data and De...
CVE-2025-3818 webpy web.py db.py PostgresDB._process_insert_query sql injection
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
Debian: Security Advisory (DLA-3818-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2024-3818
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-3818
CVE-2024-3818 affects the Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates WordPress plugin. The issue is a DOM-based stored XSS in the Social Icons block, arising from insufficient input sanitization/output escaping on user-supplied attributes. Affected versions include all...
WordPress Essential Blocks for Gutenberg Plugin <= 4.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Essential Blocks for Gutenberg; Type: Plugin; Vulnerable versions: <= 4.5.9; Fixed in: 4.5.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3818; Patch priority: Low; CVSS severity: Low (6.5); PSID: 4d1106e336b0; Credits: João Ped...
GitLab < 15.3.5 (CVE-2022-3818)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause...
GitLab < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities
GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if(description)...
CVE-2022-3818
creationtimestamp | type | source
---|---|---
2022-11-10 02:41:24+00:00 | seen | https://t.me/cibsecurity/52797...
CVE-2022-3818
CVE-2022-3818 affects GitLab CE/EE with an uncontrolled resource consumption issue during URL parsing, impacting all versions before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2. The root cause is resource consumption leading to potential DoS; remediation is upgrading to fixed versions (15....
CVE-2022-3818
An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance...
FreeBSD : Gitlab -- Multiple vulnerabilities (16f7ec68-5cce-11ed-9be7-454b1dd82c64)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 16f7ec68-5cce-11ed-9be7-454b1dd82c64 advisory. - Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS wit...
CVE-2021-3818
creationtimestamp | type | source
---|---|---
2021-09-27 16:35:04+00:00 | seen | https://t.me/cibsecurity/29463...