9 matches found
GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...
EUVD-2022-0362
Malicious code in bioql PyPI...
PT-2025-15979 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive...
PT-2025-13799 · Unknown · Tuleap Enterprise Edition +1
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.5.99.1742812323 Tuleap Enterprise Edition versions prior to 16.5-6 and 16.4-10 Description: The issue allows an attacker to access release notes content or information via the FRS REST endpoints...
PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...
PT-2024-4134 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.2.4 through 16.10.5 GitLab versions 16.11 through 16.11.2 GitLab versions 17.0 through 17.0.0 Description: An authorization issue exists where an authenticated attacker could utilize a crafted naming convention to bypass...
PT-2024-23876 · WordPress · Webtoffee Wordpress Comments Import & Export
Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Comments Import & Export versions 2.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
PT-2023-14190 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1 Description: An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as...
PT-2021-6615 · Node.Js +6 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.6.0 Node.js versions prior to 14.17.4 Node.js versions prior to 12.22.4 Description: The issue is related to the Node.js dns library, which lacks proper input validation of host names returned by Domain Name...