
123 matches found

OSV
added 2026/01/09 10:4 a.m., 3 views

CVE-2025-11246 Insufficient Granularity of Access Control in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...

CVSS 5.4, AI score 6.7, EPSS 0.00391
Exploits 0, References 6

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1693

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 18.5.4; GitLab CE/EE versions 18.6 through 18.6.2; GitLab CE/EE versions 18.7 through 18.7.0. Description: An authenticated user with specific permissions could remove all project runners from unrelated projects ...

CVSS 5.5, AI score 6.3, EPSS 0.00391
Exploits 0, References 15

OSV
added 2025/12/26 6:26 p.m., 6 views

GHSA-J4P8-H8MH-RH8Q Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

Impact: In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...

CVSS 7.1, AI score 6.8, EPSS 0.00242
Exploits 0, References 3

Github Security Blog
added 2025/12/26 6:26 p.m., 7 views

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

Impact: In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...

CVSS 7.1, AI score 6.9, EPSS 0.00242
Exploits 0, References 3, Affected Software 1

OSV
added 2025/12/26 6:18 p.m., 1 views

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact: A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

CVSS 9.9, AI score 7.6, EPSS 0.09186
Exploits 4, References 4

GithubExploit
added 2025/12/25 6:0 a.m., 151 views

intel-opencl-poc

Intel OpenCL PoC...

AI score 7.3
Exploits 0

RedhatCVE
added 2025/11/17 7:3 a.m., 12 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1, AI score 6.8, EPSS 0.0022
Exploits 0, References 1

NVD
added 2025/11/15 12:15 a.m., 5 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1, EPSS 0.0022
Exploits 0, References 3

EUVD
added 2025/11/14 11:34 p.m., 2 views

EUVD-2025-197666

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1, AI score 6.3, EPSS 0.0022
Exploits 0, References 4

Vulnrichment
added 2025/11/14 11:34 p.m., 2 views

CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1, AI score 6.5, EPSS 0.0022
Exploits 0, References 3

CVE
added 2025/11/14 11:34 p.m., 14 views

CVE-2025-64307

The set of connected sources confirms a concrete vulnerability in Brightpick products: the Internal Logic Control web interface allows unauthenticated access, enabling an unauthorized user to manipulate robot control functions (e.g., starting/stopping runners, assigning jobs, clearing stations, d...

CVSS 7.1, AI score 6.5, EPSS 0.0022
Exploits 0, References 3

Positive Technologies
added 2025/11/14 12:0 a.m., 5 views

PT-2025-47029

Name of the Vulnerable Software and Affected Versions: Brightpick (affected versions not specified). Description: The Brightpick Internal Logic Control web interface is accessible without user authentication. This allows an unauthorized user to manipulate robot control functions. These...

CVSS 7.1, AI score 6.4, EPSS 0.0022
Exploits 0, References 7

OSV
added 2025/11/06 1:22 p.m., 3 views

BIT-GITLAB-2025-11702 Missing Authorization in GitLab

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.8, AI score 8.9, EPSS 0.0053
Exploits 0, References 4

RedhatCVE
added 2025/10/30 7:11 a.m., 5 views

CVE-2025-11702

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.8, AI score 9, EPSS 0.0053
Exploits 0, References 1

NVD
added 2025/10/29 7:15 a.m., 6 views

CVE-2025-11702

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.8, EPSS 0.0053
Exploits 0, References 3

OSV
added 2025/10/29 7:15 a.m., 2 views

UBUNTU-CVE-2025-11702

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.8, AI score 7.3, EPSS 0.0053
Exploits 0, References 2

OSV
added 2025/10/29 7:4 a.m., 3 views

CVE-2025-11702 Missing Authorization in GitLab

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.5, AI score 9, EPSS 0.0053
Exploits 0, References 6

CVE
added 2025/10/29 7:4 a.m., 50 views

CVE-2025-11702

GitLab EE versions affected: 17.1–before 18.3.5, 18.4–before 18.4.3, and 18.5–before 18.5.1. An authenticated attacker with specific permissions could hijack project runners from other projects. Remediation: fixed in GitLab patch releases—18.3.5 (for 17.1 line), 18.4.3, and 18.5.1. See referenced...

CVSS 8.8, AI score 8.9, EPSS 0.0053
Exploits 0, References 3, Affected Software 1

Cvelist
added 2025/10/29 7:4 a.m., 10 views

CVE-2025-11702 Missing Authorization in GitLab

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.5, EPSS 0.0053
Exploits 0, References 3

EUVD
added 2025/10/29 7:4 a.m., 3 views

EUVD-2025-36603

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS 8.5, AI score 6.3, EPSS 0.0053
Exploits 0, References 4