942 matches found
CVE-2024-10219
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
CVE-2024-10219
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
UBUNTU-CVE-2024-10219
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
CVE-2024-10219 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
CVE-2024-10219 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
CVE-2024-10219 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...
CVE-2024-10219
Removed by vendor...
CVE-2024-10219
GitLab CVE-2024-10219 affects GitLab CE/EE versions 15.6–before 18.0.6, 18.1–before 18.1.4, and 18.2–before 18.2.2. The issue allows authenticated users to bypass access controls and download private artifacts by abusing certain API endpoints. Mitigation requires upgrading to the fixed releases: ...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 15.6 to...
PT-2025-33040 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 18.0.6 GitLab CE/EE versions 18.1 through 18.1.4 GitLab CE/EE versions 18.2 through 18.2.2 Description: An issue exists in GitLab CE/EE that, under certain conditions, could allow authenticated users to bypa...
AuthKit Remix Library 信息泄露漏洞
AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...
AuthKit React Router Library 信息泄露漏洞
AuthKit React Router Library is a WorkOS open source authentication and session helper for use in React Router 7. An information disclosure vulnerability exists in AuthKit React Router Library version 0.6.1 and earlier, which stems from exposing sensitive authentication artifacts that could lead ...
CVE-2025-53902 Tuleap exposes artifacts to a mentioned user via email notifications
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts...
CVE-2025-53541 Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security MOIS and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX...
WaFusion: a Wavelet-Enhanced Diffusion Framework for Face Morph Generation
Biometric face morphing poses a critical challenge to identity verification systems, undermining their security and robustness. To address this issue, we propose WaFusion, a novel framework combining wavelet decomposition and diffusion models to generate high-quality, realistic morphed face image...
CVE-2025-53624
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-50122
A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts...
Rainbow Artifacts from Electromagnetic Signal Injection Attacks on Image Sensors
Image sensors are integral to a wide range of safety- and security-critical systems, including surveillance infrastructure, autonomous vehicles, and industrial automation. These systems rely on the integrity of visual data to make decisions. In this work, we investigate a novel class of...
Moderate: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...