11 matches found
UBUNTU-CVE-2026-7481
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
BIT-GITLAB-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
CVE-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
BIT-GITLAB-2025-14594 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API...
Server-side Request Forgery (SSRF)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the uploadViaURL function in the attachments.service.ts file. An attacker can trigger outbound requests to arbitrary URLs by supplying crafted input to the process before validatio...
BIT-GITLAB-2025-12734 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into...
CVE-2024-9183 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific...
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
EUVD-2020-17380
Malware in sbrugna...
EUVD-2020-28609
Malware in sbrugna...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Jdom-1.0
Summary A vulnerability has been identified in Jdom version 1.0, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a...