1070 matches found
BIT-GITLAB-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
Linux Distros Unpatched Vulnerability : CVE-2025-11224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allow...
CVE-2025-2615
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
EUVD-2025-197690
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
UBUNTU-CVE-2025-2615
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615
GitLab CE/EE is affected by CVE-2025-2615. The issue allows a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections in affected releases: GitLab 16.7 up to but not including 18.3.6; 18.4 up to 18.4.3; and 18.5 up to 18.5.1. Remediation patch...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
PT-2025-47050
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.3.6 GitLab CE/EE versions 18.4 through 18.4.4 GitLab CE/EE versions 18.5 through 18.5.2 Description A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE Incorrect Authorization issue in workflows impacts GitLab EE Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE Information Disclosure issue in access control impacts GitLab CE/EE Prompt Injection...
Prototype Pollution
web3-core-subscriptions is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to inject properties into Object.prototype...
CVE-2025-11835
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...
CVE-2025-11835 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...
CVE-2025-11835
CVE-2025-11835 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The issue arises from a missing capability check and validation in PMS_AJAX_Checkout_Handler::process_payment(), leading to unauthorized data modificatio...
CVE-2025-11835 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...
WordPress Paid Membership Subscriptions plugin <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability
Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Paid Member Subscriptions versions = 2.16.4...
PT-2025-45067
Name of the Vulnerable Software and Affected Versions Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction versions prior to 2.16.5 Description The plugin is susceptible to unauthorized data modification because of a missing capability and validation...
WordPress plugin Paid Membership Subscriptions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...