46 matches found
CVE-2025-1908
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
EUVD-2025-12125
Malicious code in bioql PyPI...
EUVD-2022-36161
Malicious code in bioql PyPI...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclaimer This c...
CVE-2022-33106
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over...
CVE-2021-43991
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous...
BIT-GITLAB-2025-1908 Business Logic Errors in GitLab
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-1908 Business Logic Errors in GitLab
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-1908
GitLab CVE-2025-1908 affects GitLab EE/CE. The issue could allow an attacker to track users' browsing activities, potentially enabling full account takeover. Affected versions are 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Root-cause details and remediation/fix informatio...
GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-1908)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before...
CVE-2024-45586 Account Take Over Vulnerability
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclaimer This co...
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over Exploit
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to the target server'...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclaimer This co...
Account Take Over
gitlab is vulnerable to Account Take Over. The vulnerability is caused due to a missing validation of email addresses provided while resetting account passwords. An attacker can exploit this vulnerability to send reset emails to an unverified email address and can effectively reset the...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclaimer This co...
Attackers demand ransoms for stolen LinkedIn accounts
An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being locked out...
Old Age Home Management 1.0 SQL Injection
Title: Old Age Home Management-2022-2023-1.0 SQLi-Bypass-Authentication-Account-Take-Over Author: nu11secur1ty Date: 04.29.2023 Vendor: BY ANUJ KUMAR, https://phpgurukul.com/author/anujk305/ Software: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/googlevignette...
CVE-2022-33106
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over...
Default credentials
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over...