Lucene search

8 matches found

EUVD
added yesterday, 3 views

EUVD-2026-38364

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

CVSS 7.1, AI score 6
Exploits: 0, References: 2

Vulnrichment
added 2025/10/21 12:0 a.m., 2 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

AI score 5.9, EPSS 0.00378
Exploits: 0, References: 3

EUVD
added 2025/10/21 12:0 a.m., 3 views

EUVD-2025-35203

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

AI score 5.8, EPSS 0.00378
Exploits: 0, References: 4

RedhatCVE
added 2025/08/16 11:25 a.m., 3 views

CVE-2025-28962

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through = 1.0.3...

CVSS 6.5, AI score 5.9, EPSS 0.00286
Exploits: 0, References: 1

BDU FSTEC
added 2025/07/23 12:0 a.m., 4 views

The software’s vulnerability regarding access to analytics and planning tools within the IBM Analytics Content Hub, due to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.

The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to deficiencies in the reporting mechanism for errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential...

CVSS 5.3, AI score 5.5, EPSS 0.00288
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2025/03/06 12:0 a.m., 10 views

GitLab 17.7.0 < 17.7.6 / 17.8 < 17.8.4 / 17.9 < 17.9.1 (CVE-2025-2045)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive...

CVSS 4.3, AI score 5.5, EPSS 0.00259
Exploits: 1, References: 4

Tenable Nessus
added 2025/02/28 12:0 a.m., 6 views

FreeBSD : Gitlab -- Vulnerabilities (8fb9101e-f58a-11ef-b4e4-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8fb9101e-f58a-11ef-b4e4-2cf05da270f3 advisory. Gitlab reports: XSS in k8s proxy endpoint XSS Maven Dependency Proxy HTML injection leads to X...

CVSS 8.7, AI score 8.6, EPSS 0.00464
Exploits: 1, References: 6

Veracode
added 2024/10/16 8:21 a.m., 15 views

Always-Incorrect Control Flow Implementation

gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the `enable_monitoring` flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...

CVSS 4.3, AI score 6.5, EPSS 0.00323
Exploits: 0, References: 3, Affected Software: 1