Lucene search
K

109 matches found

Snyk
Snyk
added 2026/03/24 12:32 a.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the Blobs::ProxyController. An attacker can exhaust server memory by sending requests with large or unbounded range headers. Remediation Upgrade activestorage to version 7.2.3.1, 8.0.4.1,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 12:0 a.m.3 views

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the readGGUFV1String function, which is exposed over the /blobs and /create endpoints. An attacker can cause the service to become unavailable by submitting malicious GGUF metadata...

8.7CVSS5.9AI score0.00362EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.7 views

CVE-2022-0687

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...

8.8CVSS6.7AI score0.01439EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instan...

7.5CVSS5.5AI score0.00496EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 9:4 a.m.5 views

BIT-GITLAB-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS6.9AI score0.00496EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/10 12:25 p.m.5 views

CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS6.7AI score0.00496EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 12:15 p.m.5 views

CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS0.00496EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 12:15 p.m.3 views

UBUNTU-CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS5.8AI score0.00496EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/09 12:4 p.m.2 views

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS6.5AI score0.00496EPSS
Exploits0References3
CVE
CVE
added 2025/10/09 12:4 p.m.19 views

CVE-2025-10004

CVE-2025-10004 affects GitLab CE/EE versions 13.12 through 18.2.8, 18.3 through 18.3.4, and 18.4 through 18.4.2. The issue allows crafted GraphQL queries to request large repository blobs, potentially making a GitLab instance unresponsive or severely degraded. A remediation has been released; Git...

7.5CVSS6.5AI score0.00496EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/09 12:4 p.m.4 views

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS6.5AI score0.00496EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0061

Malware in sbrugna...

5CVSS6.3AI score0.014EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6543

Malware in sbrugna...

7.5CVSS7.5AI score0.02409EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-5532

Malware in sbrugna...

6.1CVSS6.1AI score0.01531EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-22795

Malware in sbrugna...

7.5CVSS7.6AI score0.00756EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1443

Malware in sbrugna...

7.5CVSS6.1AI score0.01313EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/19 6:48 p.m.8 views

CVE-2025-34206 Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...

9.3CVSS0.00475EPSS
Exploits1References4
CVE
CVE
added 2025/09/19 6:48 p.m.24 views

CVE-2025-34206

The CVE-2025-34206 entry concerns Vasion Print (PrinterLogic) Virtual Appliance Host and Application. It describes overly-permissive permissions on host files mounted into multiple Docker containers under /var/www/efs_storage, enabling access to secrets.env, GPG-encrypted blobs, MySQL client keys...

9.8CVSS6.5AI score0.00475EPSS
Exploits1References4Affected Software2
Microsoft CVE
Microsoft CVE
added 2025/09/04 12:0 a.m.7 views

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

...

9.8CVSS9.5AI score0.08609EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-13271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through...

6.1CVSS6.6AI score0.01531EPSS
Exploits0References2
Rows per page
Query Builder