CVE-2026-40889 Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

CVE-2026-40889

CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files . Before versions 15.58.2 and 16.4.2 , authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...

OpenText Directory Services 安全漏洞

OpenText Directory Services OTDS is an information management solution from OpenText Canada Inc. integrates OpenText products and solutions with the company's enterprise directory infrastructure. A security vulnerability exists in OpenText Directory Services version 16.4.2 through versions prior ...

CVE-2023-4700 Missing Authorization in GitLab

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...

Design/Logic Flaw

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor...

UBUNTU-CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVE-2023-3909 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVE-2023-5825

GitLab CE/EE CVE-2023-5825 affects 16.2–16.3.5, 16.4.0–16.4.1, and 16.5.0 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path, causing memory exhaustion via an infinite loop and Denial of Service. Impact: availability only. Remediation: upgrade to GitLab 16.3...

PT-2023-23803 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions prior to 16.3.6 GitLab EE/CE versions 16.4.0 through 16.4.1 GitLab EE/CE versions 16.5.0 Description: An issue has been discovered in GitLab EE/CE that allows attackers to block the Sidekiq job processor. Recommendations...

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2023-05235)

Adobe InCopy is an application from Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and previous versions are vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

CVE-2022-38414

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2022-38407

Adobe InCopy version 17.3 and earlier and 16.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interactio...

CVE-2022-38413

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2022-38403

Adobe InCopy version 17.3 and earlier and 16.4.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fil...

CVE-2022-28853

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Design/Logic Flaw

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context...

Design/Logic Flaw

Adobe InCopy version 17.3 and earlier and 16.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interactio...

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is an application from Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and previous versions are vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is an application produced by Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and prior versions contain an out-of-bounds read vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is an application produced by Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and previous versions have an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and obtain sensitive information...