99 matches found
CVE-2026-3073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
CVE-2026-40471 Hackage CSRF vulnerability
hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abus...
CVE-2026-40470
A critical XSS vulnerability (CVE-2026-40470) affected hackage-server and hackage.haskell.org . HTML/JavaScript from source packages or documentation uploads were served directly on the main domain, enabling an attacker with malicious upload to hijack latent HTTP credentials and perform actions t...
Anviz CX7和Anviz CX2 Lite 安全漏洞
Both Anviz CX7 and Anviz CX2 Lite are products of the American company Anviz. The Anviz CX7 is a smart terminal device integrated with biometric identification and access control functions. The Anviz CX2 Lite is also a smart terminal device that integrates face recognition and access control...
CVE-2026-23940
Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...
BIT-KIBANA-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
BIT-ELK-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
EUVD-2025-203357
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
CVE-2025-37732
CVE-2025-37732 is a Kibana Cross-site Scripting (XSS) vulnerability via the Integration Package Upload Functionality. The root cause is improper neutralization of input during web page generation (CWE-79). An authenticated user can cause HTML tags to be rendered in a user’s browser, leading to HT...
Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-28)
Kibana Cross-site Scripting via the Integration Package Upload Functionality ESA-2025-28 Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render an HTML page within a user’s browser via the integration package upload...
PT-2025-51213
Name of the Vulnerable Software and Affected Versions versions prior to ESA-2025-17 Description An authenticated user can inject HTML tags into a user’s browser through the integration package upload functionality due to improper input neutralization during web page generation. This allows for...
CVE-2025-13428
CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...
EUVD-2020-18952
Malware in sbrugna...
EUVD-2019-6683
Malware in sbrugna...
EUVD-2020-5558
Malware in sbrugna...
EUVD-2020-7512
Malware in sbrugna...
EUVD-2022-34783
Malicious code in bioql PyPI...