36 matches found
Discourse Access Control Error Vulnerability (CNVD-2026-17484)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an Access Control Error vulnerability that stems from the Chat::AddUsersToChannel add-member operation bypassing private...
Discourse Access Control Error Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an Access Control Error vulnerability that stems from the Chat::AddUsersToChannel add-member operation bypassing private...
BIT-GITLAB-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
PT-2025-47050
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 18.3.6; GitLab CE/EE versions 18.4 through 18.4.4; GitLab CE/EE versions 18.5 through 18.5.2. Description: A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
EUVD-2019-6556
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-15589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An improper access control vulnerability exists in GitLab v12.3.2, v12.2.6, v12.1.12 which would allow a blocked user to use Git clone and pull if...
CVE-2019-15589
An improper access control vulnerability exists in GitLab...
BIT-MEDIAWIKI-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that allows a remote blocked user to log in and obtain an authentication token by specifying a...
CVE-2023-36655
The login REST API in ProLion CryptoSpike 3.0.15P2, when LDAP or Active Directory is used as the user store, allows a remote blocked user to log in and obtain an authentication token by specifying a username with a different uppercase/lowercase character combination...
UBUNTU-CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
MediaWiki Access Control Error Vulnerability (CNVD-2021-46868)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An Access Control Error vulnerability exists in MediaWiki that stems from improperly restricting access to...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from the fact that the search results...
MediaWiki Access Control Error Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An Access Control Error vulnerability exists in MediaWiki that stems from improperly restricting access to...
MediaWiki License Issues Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An authorization issue vulnerability exists in MediaWiki versions prior to 1.31.12 and versions prior to...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token. This is problematic when the security token falls into the wrong hands. The other two vulnerabilities involve so-called Cross-Site Scripting (XSS). MediaWiki has...