57329 matches found
CVE-2025-14592 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...
CVE-2025-14592
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...
CVE-2026-1080 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...
CVE-2026-1080
GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...
CVE-2026-1080 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...
Authorization Bypass Through User-Controlled Key
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Admin API when the Organizations feature is enabled...
Security update for python-urllib3
This update for python-urllib31 fixes the following issues: CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866...
Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
Description Analyzed project version: MLflow 3.9.0 /version, commit 6e61043b0ff5d845bea479d7e7ea24dcd4b2c629. In MLflow 3.9.0, a new feature called MLflow Assistant was introduced, intended only for local development and designed to integrate with Claude Code accepting requests only from loopback...
python3.11-urllib3 security update
An update is available for python3.11-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
resource-agents security update
An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...
RLSA-2026:1224 Important: python3.11-urllib3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python-urllib3 security update
An update is available for python-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...
CVE-2025-15400
CVE-2025-15400 concerns the WordPress plugin OpenPix for WooCommerce (
CVE-2026-25528
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...
[SECURITY] Fedora 42 Update: rust-app-store-connect-0.5.0-6.fc42
Apple App Store Connect API and client...
CVE-2025-14592
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...
PT-2026-7521
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.6 through 18.6.5 GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 Description An authenticated user could potentially perform unauthorized operations by submitting GraphQL mutations...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.6.6 of GitLab...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...