CVE-2026-1500

GitLab CE/EE (versions 17.10 prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2) are affected by CVE-2026-1500. An authenticated user could trigger denial of service via uncontrolled resource consumption when processing a specially crafted file upload. The issue has been remediate...

EUVD-2026-36233

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

PT-2026-48645

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where an authenticated user can cause a denial of service through uncontrolled resour...

GitLab 17.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-1500)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

Linux Distros Unpatched Vulnerability : CVE-2026-1184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

GitLab 代码问题漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions of GitLab EE betwee...

EUVD-2017-11833

Malware in sbrugna...

Ascensio System ONLYOFFICE Document Server 安全漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from the Latvian company Ascensio System. The product supports viewing and editing of text, spreadsheets and presentations, among other things. A security vulnerability exists in Ascensio System ONLYOFFICE Document...

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...

JeeWMS 安全漏洞

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS versions prior to v2025.01.01. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...

PT-2024-10055 · Lenovo · Lenovo Xclarity Controller

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC affected versions not specified Description: A privilege escalation issue was discovered in the SSH captive command shell interface. This could allow an authenticated XCC user with elevated privileges to perform...

PT-2024-10056 · Lenovo · Lenovo Xclarity Controller

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC for Lenovo ThinkSystem servers affected versions not specified Description: The issue is related to a lack of neutralization of special elements, which could allow a remote attacker to execute arbitrary commands...

Devellion CubeCart Security Breach

Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart v.6.5.5 and earlier versions,...

LyLme Spage Code Issue Vulnerability

LyLme Spage six zero navigation page is China's six zero LyLme open source a navigation page . Committed to simple and efficient advertising-free Internet navigation and search portal , support for background links , custom search engine , precipitation of the most valuable links , no commercial...

GHSA-FRGR-C5F2-8QHH Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library’s vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework usually through StaplerRequestgetFile and...

UBUNTU-CVE-2018-20149

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data...

CVE-2016-8938

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...