CVE-2026-2995

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

CVE-2026-2995

Removed by vendor...

GitLab 15.4 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2995)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email...

PT-2026-27992

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.4 through 18.8.6 GitLab EE versions 18.9 through 18.9.2 GitLab EE versions 18.10 through 18.10.0 Description An authenticated user could add email addresses to targeted user accounts due to improper sanitization of HTML...

EUVD-2025-37225

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication 2FA implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try...

CVE-2024-58260

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts...

CVE-2023-6912

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords...

Mail.ru: Brute-force any email account through allods.mail.ru

!!! Полная версия отчета со скриншотами находится во вложенном PDF-файле. Vulnerability Technical description ========================= По адресу https://allods.mail.ru/account.php находится форма регистрации нового пользователя в игре. В процессе заполнения формы, посылается Ajax POST-запрос в...

Yahoo to Warn Users of State-Sponsored Attacks

Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor. Bob Lord, who was hired as the company’s new CISO in October, discussed the initiative in a blog post Monday. Lord sai...