CVE-2025-6769

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

CVE-2025-1250

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVE-2025-1250

Summary (CVE-2025-1250) : A vulnerability in GitLab CE/EE affects versions 15.0 through 18.1.5, 18.2 through 18.2.5, and 18.3 through 18.3.1 that could allow an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes...

CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVE-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

CVE-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

CVE-2025-6769

GitLab CE/EE (versions 15.1–18.1.5, 18.2–18.2.5, 18.3–18.3.1) are affected by CVE-2025-6769. In affected builds, an authenticated user could view administrator-only maintenance notes by accessing runner details through specific interfaces. The public descriptions indicate the issue enabled exposu...

CVE-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

PT-2025-37290

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that could allow an authenticated user to disrupt background job...

PT-2025-37293

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that could allow authenticated users to view administrator-only...

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

ExploitNotes

It is an offline collection of notes and examples for exploit...

CVE-2025-59039

The CVE-2025-59039 incident concerns Prebid Universal Creative (PUC), a JavaScript API used to render multiple formats. NPM users of PUC 1.17.3 or the latest release were briefly affected by crypto-related malware, including via the popular jsDelivr hosting of the PUC file. In response, maintaine...

CVE-2025-59039 Prebid Universal Creative on npm briefly compromised

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

CVE-2025-59039 Prebid Universal Creative on npm briefly compromised

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

pwnshop

pwnshop Notes, cheatsheets, shellcode and exploits. Progress: - Utility - Object/Executable file to shellcode converter script: code - Utility - Assembly and link script : code - Utility - Shellcode testing skeleton generator : code - Exit syscall asm: code - Write syscall "Hello world!": code -...

Malicious code in pandas-cookbook-code-notes (npm)

The package pandas-cookbook-code-notes was found to contain malicious code...

MAL-2025-45503 Malicious code in pandas-cookbook-code-notes (npm)

The package pandas-cookbook-code-notes was found to contain malicious code...

OESA-2025-2174 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 3 Summary: A...