
7840 matches found

Github Security Blog
added 2025/09/02 4:38 p.m. · 14 views

Local Deep Research's API keys are stored in plain text

Affected Versions: 0.2.0 and = 1.0.0 Description: The library stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the...

CVSS 6.9 · AI score 6.4 · EPSS 0.00065
Exploits 0 · References 4 · Affected Software 1

RedHat Linux
added 2025/09/02 5:51 a.m. · 7 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00669
Exploits 0 · References 5

Tenable Nessus
added 2025/09/01 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2013-7108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticate...

CVSS 5.5 · AI score 7.6 · EPSS 0.59546
Exploits 0 · References 2

RedhatCVE
added 2025/08/30 6:19 p.m. · 6 views

CVE-2025-2246

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 1

OSV
added 2025/08/30 9:3 a.m. · 12 views

BIT-GITLAB-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-2069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions...

CVSS 6.4 · AI score 5.5 · EPSS 0.00811
Exploits 0 · References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-5898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parsevariablesoption of the...

CVSS 5.3 · AI score 5.4 · EPSS 0.00139
Exploits 0 · References 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-26235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific...

CVSS 5.3 · AI score 6.1 · EPSS 0.01881
Exploits 0 · References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allow...

CVSS 5.7 · AI score 5.9 · EPSS 0.00429
Exploits 0 · References 2

RedHat Linux
added 2025/08/28 4:54 p.m. · 3 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00669
Exploits 0 · References 5

NVD
added 2025/08/27 8:15 p.m. · 14 views

CVE-2025-2246

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · EPSS 0.00257
Exploits 0 · References 2

Cvelist
added 2025/08/27 7:34 p.m. · 22 views

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · EPSS 0.00257
Exploits 0 · References 2

OSV
added 2025/08/27 7:34 p.m. · 8 views

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · AI score 6.5 · EPSS 0.00257
Exploits 0 · References 5

CVE
added 2025/08/27 7:34 p.m. · 45 views

CVE-2025-2246

Technical details about CVE-2025-2246 are not publicly provided in the connected documents; no confirmed affected products, versions, or fixes are documented here. Monitor for updates.

CVSS 5.8 · AI score 6.7 · EPSS 0.00257
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/08/27 7:34 p.m. · 4 views

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · AI score 6.7 · EPSS 0.00257
Exploits 0 · References 2

Debian CVE
added 2025/08/27 7:34 p.m. · 5 views

CVE-2025-2246

Removed by vendor...

CVSS 5.8 · AI score 5.8 · EPSS 0.00257
Exploits 0

Positive Technologies
added 2025/08/27 12:0 a.m. · 13 views

PT-2025-34931 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions prior to 18.3.1 Description: An issue exists in GitLab CE/EE that allows unauthenticated users to access sensitive manual CI/CD variables by...

CVSS 5.8 · AI score 6.2 · EPSS 0.00257
Exploits 0 · References 8

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should onl...

CVSS 6.5 · AI score 6.5 · EPSS 0.01126
Exploits 0 · References 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 7 views

GitLab < 18.1.5 / 18.2 < 18.2.5 / 18.3 < 18.3.1 (CVE-2025-2246)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual...

CVSS 5.8 · AI score 5.5 · EPSS 0.00257
Exploits 0 · References 4

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-0741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted...

CVSS 7.5 · AI score 7.2 · EPSS 0.01419
Exploits 0 · References 2