
15 matches found

CVE
added 2025/11/15 8:3 a.m. · 35 views

CVE-2025-11865

GitLab EE contains an Incorrect Authorization issue (CVE-2025-11865) that could allow an attacker to remove Duo MFA flows belonging to another user. Affected versions are GitLab EE 18.1–18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. The root cause is described as improper authorization check...

CVSS 5.3 · AI score 6.5 · EPSS 0.00017
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2025/11/14 12:33 a.m. · 1 view

SUSE CVE-2025-12818

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions...

CVSS 8.8 · AI score 7 · EPSS 0.00048
Exploits 0 · References 37
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-54877

Malicious code in bioql PyPI...

CVSS 6.7 · AI score 6.3 · EPSS 0.00026
Exploits 0 · References 2
NVD
added 2025/08/29 4:15 p.m. · 2 views

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

CVSS 6.9 · EPSS 0.0012
Exploits 0 · References 3
OSV
added 2025/08/18 8:27 a.m. · 9 views

BIT-GITLAB-2024-10219 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 · AI score 6.6 · EPSS 0.00026
Exploits 0 · References 3
RedhatCVE
added 2025/08/15 5:30 p.m. · 2 views

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 6.4 · EPSS 0.00025
Exploits 0 · References 1
Cvelist
added 2025/08/13 5:26 p.m. · 4 views

CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

CVSS 6.5 · EPSS 0.00025
Exploits 0 · References 1
Vulnrichment
added 2025/08/13 5:26 p.m. · 1 view

CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

CVSS 6.5 · AI score 6.6 · EPSS 0.00025
Exploits 0 · References 1
Positive Technologies
added 2025/08/13 12:0 a.m. · 1 view

PT-2025-33054 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.1 through 18.1.4; GitLab CE/EE versions 18.2 through 18.2.2. Description: An issue exists in GitLab CE/EE that allows authenticated users to take control of accounts by injecting malicious HTML into work item names...

CVSS 8.7 · AI score 6 · EPSS 0.0008
Exploits 0 · References 11
Positive Technologies
added 2024/03/11 12:0 a.m. · 2 views

PT-2024-22332 · Drawio +1 · Drawio +1

Name of the Vulnerable Software and Affected Versions: OpenOlat versions prior to 18.1.6; OpenOlat versions prior to 18.2.2. Description: OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using...

CVSS 7.5 · AI score 7.3 · EPSS 0.00106
Exploits 0 · References 8
CNNVD
added 2021/11/05 12:0 a.m. · 1 view

AzeoTech DAQFactory Code Issue Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. An attacker can exploit this vulnerability to corrupt...

CVSS 7.8 · AI score 5.8 · EPSS 0.00126
Exploits 0 · References 3
OSV
added 2020/03/18 7:15 p.m. · 0 views

CVE-2019-3762

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contain an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid...

CVSS 7.5 · AI score 7.2 · EPSS 0.00232
Exploits 0 · References 1
CNVD
added 2019/10/16 12:0 a.m. · 1 view

Unspecified Vulnerability in Oracle Banking Digital Experience

Oracle Banking Digital Experience delivers enterprise-grade, open, modern and scalable digital banking solutions that enable banks to rapidly roll out digital capabilities without changing their existing core banking platforms. A security vulnerability exists in the Loan Calculator component in...

CVSS 5.4 · AI score 8.5 · EPSS 0.00255
Exploits 0 · References 1
Symantec
added 2019/10/15 12:0 a.m. · 71 views

Oracle Banking Digital Experience CVE-2019-3019 Remote Security Vulnerability

Description: Oracle Banking Digital Experience is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Loan Calculator' component is affected. This vulnerability affects the following supported versions: 18.1, 18.2, 18.3, 19.1 Technologies...

AI score 1.2 · EPSS 0.00255
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/01/15 9:29 p.m. · 2 views

CVE-2019-0011

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface such as fxp0, me0, em0, vme0 destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service...

CVSS 6.5 · AI score 5.8 · EPSS 0.00195
Exploits 0 · References 2