27 matches found
CLEANSTART-2026-GI40937 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0
Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...
WordPress plugin Tech Life CPT code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
EUVD-2023-54387
Malicious code in bioql PyPI...
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice...
CVE-2024-7102
GitLab CVE-2024-7102 affects GitLab CE/EE versions 16.4 through before 17.5.0, allowing an attacker to trigger a pipeline as another user under certain circumstances. Multiple sources (NVD, Red Hat, Debian, OSV, etc.) corroborate the issue but do not publicly detail the root cause or exploit step...
CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...
GLSA-202409-02 : PostgreSQL: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202409-02 PostgreSQL: Privilege Escalation A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the...
CVE-2024-7348 affecting package postgresql for versions less than 16.4-1
CVE-2024-7348 affecting package postgresql for versions less than 16.4-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2023-6840
CVE-2023-6840: In GitLab EE, versions 16.4–16.6.6, 16.7–16.7.4, and 16.8–16.8.1 contain a vulnerability that allows a maintainer to rename a protected branch, bypassing the MR-block security policy. Root cause: failure of authorization control that permits protected-branch name changes by maintai...
UBUNTU-CVE-2023-3909
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...
CVE-2023-5825
GitLab CE/EE CVE-2023-5825 affects 16.2–16.3.5, 16.4.0–16.4.1, and 16.5.0 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path, causing memory exhaustion via an infinite loop and Denial of Service. Impact: availability only. Remediation: upgrade to GitLab 16.3...
CVE-2023-5207
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...
Code injection
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...
CVE-2023-4532 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of...
GitLab 15.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-4379)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge...
PT-2023-19023 · Apple · iOS +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.8; iPadOS versions prior to 15.7.8; macOS Monterey versions prior to 12.6.4; iOS versions prior to 16.4; iPadOS versions prior to 16.4; macOS Big Sur versions prior to 11.7.5. Description: The issue allows an app to...
PT-2023-19015 · Apple · iPadOS +3
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.3; iOS versions prior to 16.4; iPadOS versions prior to 16.4; iOS versions prior to 15.7.6; iPadOS versions prior to 15.7.6. Description: The issue allows an app to potentially break out of its sandbox. This was...