3509 matches found

GithubExploit
added 2025/10/14 8:16 a.m. | 347 views

Exploit for CVE-2025-7441

CVE-2025-7441 StoryChief - 1.0.42 - Unauthenticated Arbitrary...

CVSS 9.8 | AI score 7.7 | EPSS 0.35302
Exploits: 8

RedhatCVE
added 2025/10/13 5:29 a.m. | 2 views

CVE-2025-61926

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

CVSS 8.2 | AI score 6.9 | EPSS 0.00361
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/11 12:00 a.m. | 4 views

FreeBSD : Gitlab -- vulnerabilities (87fdaf3c-a5b5-11f0-98b5-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 87fdaf3c-a5b5-11f0-98b5-2cf05da270f3 advisory. Gitlab reports: Incorrect authorization issue in GraphQL mutations impacts GitLab EE Denial of...

CVSS 7.7 | AI score 5.5 | EPSS 0.00495
Exploits: 1 | References: 6

EUVD
added 2025/10/10 10:53 p.m. | 3 views

EUVD-2025-33544

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret...

CVSS 8.2 | AI score 6.5 | EPSS 0.00361
Exploits: 0 | References: 5

OSV
added 2025/10/10 10:53 p.m. | 4 views

GHSA-33F4-MJCH-7FPR Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59 The value used for the secret token was compiled into t...

CVSS 8.2 | AI score 7.2 | EPSS 0.00361
Exploits: 0 | References: 7

Github Security Blog
added 2025/10/10 10:53 p.m. | 7 views

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59 The value used for the secret token was compiled into t...

CVSS 8.2 | AI score 7.2 | EPSS 0.00361
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2025/10/09 10:15 p.m. | 1 views

CVE-2025-61926

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

CVSS 8.2 | EPSS 0.00361
Exploits: 0 | References: 4

OSV
added 2025/10/09 9:20 p.m. | 3 views

CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

CVSS 8.2 | AI score 6.9 | EPSS 0.00361
Exploits: 0 | References: 6

Cvelist
added 2025/10/09 9:20 p.m. | 6 views

CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

CVSS 8.2 | EPSS 0.00361
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/09 9:20 p.m. | 2 views

CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

CVSS 8.2 | AI score 6.3 | EPSS 0.00361
Exploits: 0 | References: 4

CVE
added 2025/10/09 9:20 p.m. | 12 views

CVE-2025-61926

Allstar Reviewbot had an authentication bypass via a hard-coded webhook secret. In Allstar versions prior to 4.5, inbound webhook requests were validated against a secret embedded at compile time and not configurable at runtime, causing all deployments using the Reviewbot code path to share the s...

CVSS 8.2 | AI score 6.5 | EPSS 0.00361
Exploits: 0 | References: 4

CVE
added 2025/10/09 11:33 a.m. | 11 views

CVE-2025-2934

CVE-2025-2934 affects GitLab CE/EE prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2. An authenticated attacker could induce a denial-of-service by configuring malicious webhook endpoints that send crafted HTTP responses. The issue has been remediated in the patch releases GitLab 18...

CVSS 6.5 | AI score 6.3 | EPSS 0.00495
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/10/09 11:33 a.m. | 8 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

CVSS 4.3 | EPSS 0.00495
Exploits: 0 | References: 3

EUVD
added 2025/10/09 11:33 a.m. | 2 views

EUVD-2025-33330

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

CVSS 4.3 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/09 11:33 a.m. | 2 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

CVSS 4.3 | AI score 6.3 | EPSS 0.00495
Exploits: 0 | References: 3

OSV
added 2025/10/09 11:33 a.m. | 2 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

CVSS 4.3 | AI score 6.2 | EPSS 0.00495
Exploits: 0 | References: 6

CNNVD
added 2025/10/09 12:00 a.m. | 3 views

Allstar Trust Management Issue Vulnerability

Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...

CVSS 8.2 | AI score 8.8 | EPSS 0.00361
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/09 12:00 a.m. | 2 views

PT-2025-41372

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 5.2 through 18.2.8 GitLab CE/EE versions 18.3 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 Description An authenticated attacker could create a denial of service condition by configuring malicious webhook...

CVSS 4.3 | AI score 6.5 | EPSS 0.00495
Exploits: 0 | References: 8

CNNVD
added 2025/10/09 12:00 a.m. | 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 5.2 up to and...

CVSS 6.5 | AI score 6.6 | EPSS 0.00495
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-22915

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.01209
Exploits: 0 | References: 5