Lucene search

13008 matches found

NVD
added 2024/12/16 5:15 a.m. | 23 views

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3 CVSS | 0.00167 EPSS
Exploits: 1 | References: 2
OSV
added 2024/12/16 5:15 a.m. | 0 views

UBUNTU-CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3 CVSS | 5.8 AI score | 0.00167 EPSS
Exploits: 1 | References: 4
CVE
added 2024/12/16 4:30 a.m. | 778 views

CVE-2024-8650

CVE-2024-8650 affects GitLab CE/EE. Versions: 15.0 up to but not including 17.4.6; 17.5 up to but not including 17.5.4; 17.6 up to but not including 17.6.2. The issue allows non-member users to view unresolved threads marked as internal notes in public project merge requests. Root cause or code-l...

5.3 CVSS | 5 AI score | 0.00167 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/12/16 4:30 a.m. | 11 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3 CVSS | 6.4 AI score | 0.00167 EPSS
Exploits: 1 | References: 2
OSV
added 2024/12/16 4:30 a.m. | 2 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3 CVSS | 6.3 AI score | 0.00167 EPSS
Exploits: 1 | References: 5
Cvelist
added 2024/12/16 4:30 a.m. | 23 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

5.3 CVSS | 0.00167 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2024/12/16 12:00 a.m. | 11 views

GitLab 15.0 < 17.4.6 / 17.5 < 17.5.4 / 17.6 < 17.6.2 (CVE-2024-8650)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked...

5.3 CVSS | 5.5 AI score | 0.00167 EPSS
Exploits: 1 | References: 4
OSV
added 2024/12/13 3:15 p.m. | 1 views

CVE-2022-46795

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2...

6.5 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits: 0 | References: 1
CVE
added 2024/12/13 2:22 p.m. | 45 views

CVE-2022-46795

Summary of CVE-2022-46795 (Print Invoice & Delivery Notes for WooCommerce) Issue: A Missing Authorization vulnerability allows exploitation of misconfigured access control in the WordPress plugin Print Invoice & Delivery Notes for WooCommerce (versions <= 4.7.2). Root cause: Inadequate authori...

6.5 CVSS | 8 AI score | 0.00107 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2024/12/11 4:07 p.m. | 22 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage 8.0 security update

An update is now available for Red Hat Ceph Storage 8.0. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages...

8.1 CVSS | 7.1 AI score | 0.00043 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2024/12/11 2:25 p.m. | 23 views

Important: Red Hat Security Advisory: Updated 8.0 container image is now available in the Red Hat Ecosystem Catalog.

Updated rhceph-8.0 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support...

8.1 CVSS | 7.1 AI score | 0.00043 EPSS
Exploits: 0 | References: 4
NVD
added 2024/12/11 9:15 a.m. | 9 views

CVE-2024-12004

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note function. This makes it possible for unauthenticated attackers to injec...

6.1 CVSS | 0.00559 EPSS
Exploits: 0 | References: 4
CVE
added 2024/12/11 8:57 a.m. | 46 views

CVE-2024-12004

CVE-2024-12004 affects WPC Order Notes for WooCommerce (WordPress). The issue is Cross-Site Request Forgery due to missing/incorrect nonce validation in ajax_update_order_note(), enabling unauthenticated attackers to induce an admin action that could inject script. The CVE is considered active pe...

6.1 CVSS | 6.5 AI score | 0.00559 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2024/12/11 8:57 a.m. | 10 views

CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note function. This makes it possible for unauthenticated attackers to injec...

6.1 CVSS | 6.4 AI score | 0.00559 EPSS
Exploits: 0 | References: 4
Cvelist
added 2024/12/11 8:57 a.m. | 16 views

CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note function. This makes it possible for unauthenticated attackers to injec...

6.1 CVSS | 0.00559 EPSS
Exploits: 0 | References: 4
FreeBSD
added 2024/12/11 12:00 a.m. | 29 views

Gitlab -- Vulnerabilities

Gitlab reports: Injection of Network Error Logging (NEL) headers in kubernetes proxy response could lead to ATO abusing OAuth flows; Denial of Service by repeatedly sending unauthenticated requests for diff-files; CI_JOB_TOKEN could be used to obtain GitLab session; Open redirect in releases API...

8.7 CVSS | 6.4 AI score | 0.01204 EPSS
Exploits: 8 | References: 1
CNNVD
added 2024/12/11 12:00 a.m. | 1 views

WordPress plugin WPC Order Notes for WooCommerce cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

6.1 CVSS | 8.5 AI score | 0.00559 EPSS
Exploits: 0 | References: 4
Patchstack
added 2024/12/10 11:57 p.m. | 3 views

WordPress WPC Order Notes for WooCommerce plugin <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WPC Order Notes for WooCommerce versions <= 1.5.2...

6.1 CVSS | 6.4 AI score | 0.00559 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/12/10 12:31 a.m. | 13 views

GHSA-GVF2-2F4G-JQF4 Drupal core contains a potential PHP Object Injection vulnerability

Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...

9.8 CVSS | 9.7 AI score | 0.09932 EPSS
Exploits: 0 | References: 3
Metasploit
added 2024/12/06 6:58 p.m. | 1013 views

Moodle Remote Code Execution (CVE-2024-43425)

This module exploits a command injection vulnerability in Moodle CVE-2024-43425 to obtain remote code execution. Affected versions include 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11, and earlier unsupported versions. Module Options msf use exploit/linux/http/moodlerce msf...

8.1 CVSS | 8.1 AI score | 0.88917 EPSS
Exploits: 8