EUVD-2025-24600

Malicious code in bioql PyPI...

BIT-GITLAB-2025-6186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

GitLab 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-6186)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting...

UBUNTU-CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

CVE-2025-6186

CVE-2025-6186 affects GitLab CE/EE: all versions from 18.1 before 18.1.4 and 18.2 before 18.2.2. The issue allows authenticated users to potentially take over accounts by injecting malicious HTML into work item names. Connected sources (OSV entries) confirm the same description and affected versi...

CVE-2025-6186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

CVE-2025-6186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

PT-2025-33054 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.1 through 18.1.4 GitLab CE/EE versions 18.2 through 18.2.2 Description: An issue exists in GitLab CE/EE that allows authenticated users to take control of accounts by injecting malicious HTML into work item names...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2022-34619

A stored cross-site scripting XSS vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names

Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...

PT-2023-26551 · Svelecte · Svelecte

Name of the Vulnerable Software and Affected Versions: Svelecte versions prior to 3.16.3 Description: Svelecte item names are rendered as raw HTML with no escaping, allowing the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever ...

Cross Site Scripting in nilsteampassnet/teampass

nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross site scripting XSS from item names within a folder...

GHSA-2FFP-W665-9MGX Cross Site Scripting in nilsteampassnet/teampass

nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross site scripting XSS from item names within a folder...

PT-2023-19945 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.7 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing attackers to inject maliciou...

Mealie 跨站脚本漏洞

Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A cross-site scripting vulnerability exists in Mealie version v0.5.5. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...

Atlassian Jira 权限许可和访问控制问题漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage various types of issues and defects in the workplace. A privilege permission and access control issue vulnerability exists in Atlassian Jira Server and Data Center, which stems...

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...