CVE-2022-4002

A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...

CVE-2024-1222

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVE-2025-23202

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...

CVE-2025-23202

The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...

Astra Linux – Vulnerability in docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...

CVE-2024-20531

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery SSRF attack through an affected device. To exploit this vulnerability, the attacker woul...

CVE-2024-20531

Cisco Identity Services Engine (ISE) API is affected by an XXE-based vulnerability in XML input handling, allowing an authenticated remote attacker with Super Admin credentials to read arbitrary OS files and perform SSRF. Root cause: improper XML External Entity processing in the API. Exploitatio...

CVE-2024-20528 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVE-2024-47653

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...

CVE-2024-7554

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVE-2024-7554

CVE-2024-7554 affects GitLab CE/EE: all versions from 13.9 before 17.0.6, all 17.1 before 17.1.4, and all 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged via a specific API request pattern (confidentiality impact high; no integrity/availability impact reported). T...

CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility th...

GitLab 13.9 < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-7554)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Unde...

CVE-2022-4002

A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...

CVE-2022-4002

A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...

CVE-2022-4003

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...