
44 matches found

CNNVD
added 2026/05/19 12:0 a.m., 6 views

Nozomi Networks CMC and Nozomi Networks Guardian Security Vulnerability

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have security...

5.1 CVSS, 5.9 AI score, 0.00201 EPSS
Exploits 0, References 1

vulnersOsv
added 2026/04/22 8:17 p.m., 6 views

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

8.7 CVSS, 5.8 AI score, 0.00414 EPSS
Exploits 0

OSV
added 2025/11/21 9:4 a.m., 7 views

BIT-GITLAB-2025-6171 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

5.3 CVSS, 6.5 AI score, 0.00231 EPSS
Exploits 0, References 4

EUVD
added 2025/11/15 9:30 a.m., 6 views

EUVD-2025-197692

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

5.3 CVSS, 6.1 AI score, 0.00231 EPSS
Exploits 0, References 4

OSV
added 2025/11/15 8:15 a.m., 5 views

UBUNTU-CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

5.3 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits 0, References 5

CVE
added 2025/11/15 8:4 a.m., 12 views

CVE-2025-6171

GitLab CVE-2025-6171 is a disclosed vulnerability in GitLab CE/EE that allowed an authenticated user with reporter access to view branch names and pipeline details via the Packages API endpoint even when repository access was disabled. Affected versions run from 13.2 up to before 18.3.6, 18.4 up ...

5.3 CVSS, 6.2 AI score, 0.00231 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2025/11/15 8:4 a.m., 2 views

CVE-2025-6171 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

5.3 CVSS, 5.9 AI score, 0.00231 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-5547

Malware in sbrugna...

4.3 CVSS, 4.5 AI score, 0.01207 EPSS
Exploits 0, References 4

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-33150 Malicious code in shopify_minitest_reporters (npm)

The package shopify_minitest_reporters was found to contain malicious code...

7.2 AI score
Exploits 0

Hacker One
added 2024/08/03 8:26 a.m., 6 views

HackerOne: Access to limited confidential information of private program as a Ex-reporter, Report Participant(external user) & Ex-staff member

The report described a vulnerability that allowed access to limited confidential information of a private program by ex-reporters, report participants, and ex-staff members of the program. The vulnerability was due to an endpoint that exposed details about the private program, including its...

6.7 AI score
Exploits 0

OSV
added 2024/03/06 11:22 a.m., 22 views

BIT-GITLAB-2020-13287

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues...

4.3 CVSS, 4.5 AI score, 0.01207 EPSS
Exploits 0, References 4

OSV
added 2024/01/03 9:41 p.m., 14 views

GHSA-XGPM-Q3MQ-46RQ PrestaShop some attribute not escaped in Validate::isCleanHTML method

Description: Some event attributes are not detected by the isCleanHTML method. Impact: Some modules using the isCleanHTML method could be vulnerable to XSS. Patches: 8.1.3, 1.7.8.11. Workarounds: The best workaround is to use the HTMLPurifier library to sanitize HTML input coming from users. The library...

8.1 CVSS, 6.8 AI score, 0.00519 EPSS
Exploits 0, References 7

Github Security Blog
added 2024/01/03 9:41 p.m., 35 views

PrestaShop some attribute not escaped in Validate::isCleanHTML method

Description: Some event attributes are not detected by the isCleanHTML method. Impact: Some modules using the isCleanHTML method could be vulnerable to XSS. Patches: 8.1.3, 1.7.8.11. Workarounds: The best workaround is to use the HTMLPurifier library to sanitize HTML input coming from users. The library...

8.1 CVSS, 7 AI score, 0.00519 EPSS
Exploits 0, References 7, Affected Software 1

OSV
added 2023/09/29 7:15 a.m., 3 views

UBUNTU-CVE-2023-2233

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects...

4.3 CVSS, 5.8 AI score, 0.00446 EPSS
Exploits 0, References 2

Symfony
added 2023/09/11 12:0 a.m., 11 views

CVE-2023-41336: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

Affected Versions: Versions 2.11.1 of the symfony/ux-autocomplete package are affected by this security issue. Description: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that...

6.5 CVSS, 6.2 AI score, 0.00523 EPSS
Exploits 0

Broadcom
added 2023/02/07 12:0 a.m., 5 views

Brocade Product Security Incident Response Team Contact Information

Brocade Communications Systems Brocade is committed to resolving vulnerabilities to meet the needs of its customers and the broader technology community. Brocade Product Security Incident Response Team Brocade PSIRT is a global team that manages the receipt, investigation and internal coordinatio...

6.5 AI score
Exploits 0

OSSF Malicious Packages
added 2022/06/20 8:20 p.m., 2 views

Malicious code in mocha-junit-reporters-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36310669cb81042359b5d17259bddbe5ae2c47e98223446020c5be918f3b39e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

OSV
added 2022/06/20 8:20 p.m., 8 views

MAL-2022-4655 Malicious code in mocha-junit-reporters-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36310669cb81042359b5d17259bddbe5ae2c47e98223446020c5be918f3b39e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Hacker One
added 2022/02/17 11:22 a.m., 43 views

Stripe: CSRF token validation system is disabled on Stripe Dashboard

@dsharad discovered that due to a code change deployed on 2/14/2022, Cross Site Request Forgery (CSRF) protection was disabled in the Stripe Dashboard. This could have allowed an attacker to trick a victim user to visit a malicious website and cause limited changes to the victim’s Stripe account su...

7.2 AI score
Exploits 0

Wired Threat Level
added 2022/01/13 2:0 a.m., 16 views

NSO Group Spyware Targeted Dozens of Reporters in El Salvador

The newly disclosed campaign shows how little the company has done to curb abuses of its powerful surveillance tools...

2.3 AI score
Exploits 0