5 matches found
CVE-2026-33229
XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...
UBUNTU-CVE-2024-12619
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...
UBUNTU-CVE-2024-10307
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request...
UBUNTU-CVE-2025-2255
An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks XSS. for AppSec...
GitLab 代码注入漏洞
GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A code injection vulnerability exists in GitLab versions prior to 17.10.1,...