55 matches found
CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
PT-2026-5212
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Non-admin moderators can view...
EUVD-2022-51695
Malicious code in bioql PyPI...
EUVD-2023-12839
Malicious code in bioql PyPI...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server process to crash by sending an Azure DevOps Push event with an empty resource.refUpdates array. Note: This is only...
Linux Distros Unpatched Vulnerability : CVE-2022-4342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all version...
Linux Distros Unpatched Vulnerability : CVE-2023-2620
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions...
CVE-2022-4342
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab Community Edition and GitLab Enterpri...
GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4342)
The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by an information disclosure vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions...
CVE-2022-4342
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook...
CVE-2022-4342
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook...
CVE-2022-4342
Removed by vendor...