942 matches found

RedhatCVE
added 2025/08/15 5:30 p.m. | 13 views

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | AI score 6.7 | EPSS 0.00398
Exploits 0 | References 1

NVD
added 2025/08/13 6:15 p.m. | 28 views

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | EPSS 0.00398
Exploits 0 | References 2

OSV
added 2025/08/13 6:15 p.m. | 4 views

UBUNTU-CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | AI score 5.8 | EPSS 0.00398
Exploits 0 | References 4

OSV
added 2025/08/13 5:28 p.m. | 9 views

CVE-2024-10219 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | AI score 6.3 | EPSS 0.00398
Exploits 0 | References 5

Cvelist
added 2025/08/13 5:28 p.m. | 49 views

CVE-2024-10219 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | EPSS 0.00398
Exploits 0 | References 2

Vulnrichment
added 2025/08/13 5:28 p.m. | 5 views

CVE-2024-10219 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

CVSS 6.5 | AI score 6.6 | EPSS 0.00398
Exploits 0 | References 2

Debian CVE
added 2025/08/13 5:28 p.m. | 4 views

CVE-2024-10219

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00398
Exploits 0

CVE
added 2025/08/13 5:28 p.m. | 76 views

CVE-2024-10219

GitLab CVE-2024-10219 affects GitLab CE/EE versions 15.6–before 18.0.6, 18.1–before 18.1.4, and 18.2–before 18.2.2. The issue allows authenticated users to bypass access controls and download private artifacts by abusing certain API endpoints. Mitigation requires upgrading to the fixed releases: ...

CVSS 6.5 | AI score 6.6 | EPSS 0.00398
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2025/08/13 12:0 a.m. | 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 15.6 to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00398
Exploits 0 | References 3

Positive Technologies
added 2025/08/13 12:0 a.m. | 4 views

PT-2025-33040 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 18.0.6; GitLab CE/EE versions 18.1 through 18.1.4; GitLab CE/EE versions 18.2 through 18.2.2. Description: An issue exists in GitLab CE/EE that, under certain conditions, could allow authenticated users to bypa...

CVSS 6.5 | AI score 6.7 | EPSS 0.00398
Exploits 0 | References 11

CNNVD
added 2025/08/09 12:0 a.m. | 2 views

AuthKit Remix Library Information Disclosure Vulnerability

AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...

CVSS 7.1 | AI score 6 | EPSS 0.00342
Exploits 0 | References 4

CNNVD
added 2025/08/09 12:0 a.m. | 5 views

AuthKit React Router Library Information Disclosure Vulnerability

AuthKit React Router Library is a WorkOS open source authentication and session helper for use in React Router 7. An information disclosure vulnerability exists in AuthKit React Router Library version 0.6.1 and earlier, which stems from exposing sensitive authentication artifacts that could lead ...

CVSS 7.1 | AI score 6 | EPSS 0.00342
Exploits 0 | References 4

Vulnrichment
added 2025/07/29 7:36 p.m. | 2 views

CVE-2025-53902 Tuleap exposes artifacts to a mentioned user via email notifications

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts...

CVSS 4.3 | AI score 6.2 | EPSS 0.00302
Exploits 1 | References 4

Vulnrichment
added 2025/07/29 7:27 p.m. | 4 views

CVE-2025-53541 Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

CVSS 5.4 | AI score 6.8 | EPSS 0.00215
Exploits 0 | References 4

The Hacker News
added 2025/07/21 5:18 p.m. | 16 views

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX...

AI score 7.2
Exploits 0

Packet Storm News
added 2025/07/15 12:0 a.m. | 4 views

WaFusion: a Wavelet-Enhanced Diffusion Framework for Face Morph Generation

Biometric face morphing poses a critical challenge to identity verification systems, undermining their security and robustness. To address this issue, we propose WaFusion, a novel framework combining wavelet decomposition and diffusion models to generate high-quality, realistic morphed face image...

AI score 6.9
Exploits 0

RedhatCVE
added 2025/07/11 9:28 p.m. | 11 views

CVE-2025-53624

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

CVSS 10 | AI score 6.9 | EPSS 0.01842
Exploits 0 | References 1

Cvelist
added 2025/07/11 9:17 a.m. | 8 views

CVE-2025-50122

A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts...

CVSS 8.9 | EPSS 0.00196
Exploits 1 | References 1

Packet Storm News
added 2025/07/10 12:0 a.m. | 1 views

Rainbow Artifacts from Electromagnetic Signal Injection Attacks on Image Sensors

Image sensors are integral to a wide range of safety- and security-critical systems, including surveillance infrastructure, autonomous vehicles, and industrial automation. These systems rely on the integrity of visual data to make decisions. In this work, we investigate a novel class of...

AI score 7.2
Exploits 0

RedHat Linux
added 2025/06/25 12:20 p.m. | 9 views

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 9.1 | AI score 6.8 | EPSS 0.00724
Exploits 0 | References 2