8 matches found
CVE-2025-12029 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...
FreeBSD : Gitlab -- vulnerabilities (c6c9306e-d645-11f0-8ce2-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c6c9306e-d645-11f0-8ce2-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in...
Linux Distros Unpatched Vulnerability : CVE-2021-39910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all version...
Swagger UI 1.0.3 Cross Site Scripting
Proof-of-concept cross-site scripting exploit for Swagger UI versions 1.0.3 and below...
VulnCheck KEV: CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
Swagger UI Security Vulnerability
Swagger UI is an open source tool for visualizing and interacting with API resources. A security vulnerability exists in Swagger UI versions prior to v2.1.0, which stems from the default swagger-ui configuration exposing all files in the module...
@0x0c/nestjs-swagger (>=6.1.5 <=6.3.1), @1creator/backend (>=1.1.17 <=1.2.151) +1107 more potentially affected by CVE-2021-46708 via swagger-ui-dist (>=3.0.17 <=4.1.2)
swagger-ui-dist NPM version =3.0.17, =6.1.5, =1.1.17, =1.1.0-beta.1, =15.0.0, =0.1.0-alpha.1, =0.2.4, =1.2.0, =3.7.0, =1.0.0, =1.0.0, =1.0.0, =1.7.8, =2.2.2, =2.5.0 and more Source cves: CVE-2021-46708 Source advisory: OSV:GHSA-6C9X-MJ3G-H47X...
cc.akkaha:asura-play_2.12 (>=0.5.0 <=0.6.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.5.0) +222 more potentially affected by CVE-2019-17495 via org.webjars:swagger-ui (>=2.0.17 <=3.23.0)
org.webjars:swagger-ui MAVEN version =2.0.17, =0.5.0, =0.1.0, =3.2.3, =0.0.1, =0.5.0, =0.19.0, =0.20.0, =0.19.0, =0.19.0, =0.19.0, =1.0.0-beta-21, =1.0.0-beta-21, =0.1.1, =0.229, =0.229, =0.269 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...