28674 matches found
CVE-2021-22187
An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after the project was deleted...
CVE-2021-22233
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...
CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert V15.1 HF001 and prior...
CVE-2022-37396
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...
CVE-2022-0373
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address...
CVE-2022-0125
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a...
CVE-2024-39303
Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...
CVE-2023-49675
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability...
CVE-2023-4697
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...
CVE-2021-2258
Vulnerability in the Oracle Projects product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects...
CVE-2021-2254
Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite component: Hold Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts...
CVE-2021-22215
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...
CVE-2025-23705
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS. This issue affects Zielke Design Project Gallery: from n/a through = 2.5.0...
CVE-2025-23497
Cross-Site Request Forgery CSRF vulnerability in albdesign Simple Project Manager simple-project-managment allows Stored XSS. This issue affects Simple Project Manager: from n/a through = 1.2.2...
CVE-2025-40759
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC STEP 7 V17 All versions V17 Update 9, SIMATIC STEP 7 V18 All versions, SIMATIC STEP 7 V19 All versions V19 Update 4, SIMATIC STEP 7 V20 All versions V20 Update 4, SIMATIC WinCC V17 All versions V17 Update 9, SIMATI...
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...
CVE-2022-31004
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
CVE-2024-39888
A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...