UBUNTU-CVE-2025-13874

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

EUVD-2025-209834

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

CVE-2025-13874

CVE-2025-13874 affects GitLab CE/EE campaigns: all versions from 15.1 prior to 18.9.7, 18.10 prior to 18.10.6, and 18.11 prior to 18.11.3 could allow an authenticated user with Guest permissions to view issues in projects they were not authorized to access. The issue is described as an Authorizat...

CVE-2026-3115

A flaw was found in Mattermost. Authenticated guest users can exploit this vulnerability by retrieving group member IDs through the group retrieval endpoint. This failure to apply view restrictions allows them to enumerate user IDs that are outside their permitted visibility scope, leading to...

F5 Networks BIG-IP : BIG-IP SMTP configuration security exposure (K000156643)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000156643 advisory. An authenticated attacker granted the guest role on a BIG-IP system can modify theSMTP Server Host...

PT-2025-38729

Name of the Vulnerable Software and Affected Versions 2wcom IP-4c version 2.15.5 Description The web interface of the device contains a flaw that allows information disclosure. An authenticated attacker, even with limited privileges such as a guest account, can obtain hashed passwords for admin,...

CVE-2024-34520

The CVE-2024-34520 issue affects the Mavenir SCE Application Provisioning Portal (PORTAL-LBS-R_1_0_24_0). The vulnerability is an authorization bypass in which an authenticated guest can perform unauthorized administrative actions (e.g., access to the create/add user functionality) by bypassing c...

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

VulnCheck KEV: CVE-2020-1040

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...

CVE-2020-16891

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

CVE-2020-1043

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...

CVE-2020-1041

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...

CVE-2020-1042

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...

CVE-2020-0910

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'...

CVE-2019-1471

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'...

CVE-2019-0721

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719...

CVE-2019-0965

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

PT-2019-2970 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: A remote code execution issue exists due to insufficient input validation in the Windows Hyper-V Network Switch. This allows a remote attacker, acting as an authenticated user on a...

CVE-2019-0620

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

CVE-2019-0635

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'...