Lucene search
+L

79 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.6 views

FreeBSD : Gitlab -- Vulnerabilities (84ce0c0c-7b4e-11f1-9c40-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 84ce0c0c-7b4e-11f1-9c40-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts...

8.7CVSS7AI score0.00282EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2026/07/08 12:0 a.m.5 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...

8.7CVSS5.9AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 8:54 p.m.19 views

CVE-2026-58426

The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.4 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 p.m.16 views

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.2AI score0.00144EPSS
Exploits0References6Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.5 views

Measuring the Permission Gate: A Stress-Test Evaluation of Claude Code's Auto Mode

Claude Code's auto mode is the first deployed permission system for AI coding agents, using a two-stage transcript classifier to gate dangerous tool calls. Anthropic reports a 0.4% false positive rate and 17% false negative rate on production traffic. We present the first independent evaluation o...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/04/02 4:42 p.m.19 views

CVE-2026-26961 Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS0.00253EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.6 views

Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution

The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/08 12:0 a.m.7 views

Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies

Adversaries hackers attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known versus unknown probabilities. We...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.8 views

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...

7.5CVSS7.1AI score0.00296EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-3377

Malware in sbrugna...

7.5CVSS6.4AI score0.02575EPSS
Exploits1References5
NVD
NVD
added 2025/10/03 9:15 p.m.7 views

CVE-2025-59943

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

9.8CVSS0.00388EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-52848

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00511EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25949

Malicious code in bioql PyPI...

5CVSS6.3AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2025/10/03 8:6 p.m.10 views

CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

8.1CVSS7AI score0.00388EPSS
Exploits1References4
OSV
OSV
added 2025/10/03 2:52 p.m.8 views

GHSA-9WJ2-4HCM-R74J phpMyFAQ duplicate email registration allows multiple accounts with the same email

Summary phpMyFAQ does not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause...

8.1CVSS7.6AI score0.00388EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/10/03 2:52 p.m.10 views

phpMyFAQ duplicate email registration allows multiple accounts with the same email

Summary phpMyFAQ does not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause...

9.8CVSS7.6AI score0.00388EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.4 views

CVE-2025-5101

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...

5CVSS6.8AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2025/08/30 9:4 a.m.7 views

BIT-GITLAB-2025-5101 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...

5CVSS6.8AI score0.0012EPSS
Exploits0References3
NVD
NVD
added 2025/08/27 8:15 p.m.5 views

CVE-2025-5101

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...

5CVSS0.0012EPSS
Exploits0References2
Rows per page
Query Builder