
65 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-5114

Malicious code in bioql PyPI...

CVSS 9 · AI score 8.6 · EPSS 0.00828
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24599

Malicious code in bioql PyPI...

CVSS 5 · AI score 6.3 · EPSS 0.00216
Exploits 0 · References 2

CNNVD
added 2025/09/12 12:0 a.m. · 3 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...

CVSS 6.5 · AI score 6.3 · EPSS 0.00424
Exploits 0 · References 5

Tenable Nessus
added 2025/09/01 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-5819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed...

CVSS 5 · AI score 5.5 · EPSS 0.00216
Exploits 0 · References 2

OSV
added 2025/08/18 8:34 a.m. · 4 views

BIT-GITLAB-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 6.4 · EPSS 0.00216
Exploits 0 · References 3

RedhatCVE
added 2025/08/15 5:30 p.m. · 2 views

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 6.4 · EPSS 0.00216
Exploits 0 · References 1

Tenable Nessus
added 2025/08/14 12:0 a.m. · 4 views

GitLab 15.7 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-5819)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer acces...

CVSS 5 · AI score 5.5 · EPSS 0.00216
Exploits 0 · References 4

NVD
added 2025/08/13 6:15 p.m. · 4 views

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · EPSS 0.00216
Exploits 0 · References 2

Cvelist
added 2025/08/13 5:26 p.m. · 5 views

CVE-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · EPSS 0.00216
Exploits 0 · References 2

CVE
added 2025/08/13 5:26 p.m. · 24 views

CVE-2025-5819

CVE-2025-5819 affects GitLab CE/EE versions from 15.7 before 18.0.6, from 18.1 before 18.1.4, and from 18.2 before 18.2.2. The issue allows authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. The provided documents confirm the affected versions and t...

CVSS 5 · AI score 5.8 · EPSS 0.00216
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/08/13 5:26 p.m. · 2 views

CVE-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

CVSS 5 · AI score 5.8 · EPSS 0.00216
Exploits 0 · References 2

Veracode
added 2025/06/25 5:37 a.m. · 4 views

Remote Code Execution (RCE)

CrafterCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper control of dynamically-managed code resources caused by a Groovy Sandbox bypass that allows authenticated developers to execute OS commands...

CVSS 9.1 · AI score 7.7 · EPSS 0.00859
Exploits 1 · References 4 · Affected Software 1

OSV
added 2025/06/19 9:31 p.m. · 4 views

GHSA-5644-3VGQ-2PH5 Crafter Studio Groovy Sandbox Bypass

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...

CVSS 7.3 · AI score 7.6 · EPSS 0.00859
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:51 a.m. · 3 views

SUSE CVE-2017-4969

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...

CVSS 6.8 · AI score 6.8 · EPSS 0.00936
Exploits 0 · References 3

EUVD
added 2022/09/13 6:25 p.m. · 4 views

EUVD-2022-6848

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

CVSS 7.2 · AI score 7.2 · EPSS 0.01208
Exploits 0 · References 3

EUVD
added 2022/09/13 6:25 p.m. · 3 views

EUVD-2022-6664

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

CVSS 7.2 · AI score 7.2 · EPSS 0.01186
Exploits 1 · References 3

ATTACKERKB
added 2022/09/13 3:42 p.m. · 3 views

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

CVSS 7.2 · AI score 7.3 · EPSS 0.01208
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2022/09/13 12:0 a.m. · 3 views

Crafter CMS Security Vulnerability

Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS Crafter Studio versions prior to 3.1.23, which stems from improperly controlled dynamic management code resources that allow authenticated developers to...

CVSS 7.2 · AI score 7.3 · EPSS 0.01208
Exploits 0 · References 2

Positive Technologies
added 2022/09/13 12:0 a.m. · 5 views

PT-2022-25431 · Crafter Cms · Crafter Studio

Name of the Vulnerable Software and Affected Versions: Crafter Studio of Crafter CMS (affected versions not specified). Description: The issue allows authenticated developers to execute OS commands via FreeMarker SSTI due to improper control of dynamically-managed code resources. Recommendations: At...

CVSS 7.2 · AI score 7.1 · EPSS 0.01186
Exploits 1 · References 6

Github Security Blog
added 2022/02/09 11:7 p.m. · 30 views

Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior t...

CVSS 9 · AI score 7.1 · EPSS 0.0111
Exploits 1 · References 3 · Affected Software 1