79 matches found
FreeBSD : Gitlab -- Vulnerabilities (84ce0c0c-7b4e-11f1-9c40-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 84ce0c0c-7b4e-11f1-9c40-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...
CVE-2026-58426
The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...
CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
Measuring the Permission Gate: A Stress-Test Evaluation of Claude Code's Auto Mode
Claude Code's auto mode is the first deployed permission system for AI coding agents, using a two-stage transcript classifier to gate dangerous tool calls. Anthropic reports a 0.4% false positive rate and 17% false negative rate on production traffic. We present the first independent evaluation o...
CVE-2026-26961 Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...
Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution
The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...
Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies
Adversaries hackers attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known versus unknown probabilities. We...
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...
EUVD-2006-3377
Malware in sbrugna...
CVE-2025-59943
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
EUVD-2024-52848
Malicious code in bioql PyPI...
EUVD-2025-25949
Malicious code in bioql PyPI...
CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
GHSA-9WJ2-4HCM-R74J phpMyFAQ duplicate email registration allows multiple accounts with the same email
Summary phpMyFAQ does not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause...
phpMyFAQ duplicate email registration allows multiple accounts with the same email
Summary phpMyFAQ does not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause...
CVE-2025-5101
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...
BIT-GITLAB-2025-5101 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...
CVE-2025-5101
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...