CVE-2022-0371
Removed by vendor...
CVE-2022-0371
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...
CVE-2022-0549
CVE-2022-0549 affects GitLab CE/EE; versions before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2 are vulnerable. Under certain conditions, the REST API could allow unprivileged users to add other users to groups, contrary to Web UI constraints. Root cause: access control issue. Impact: unau...
CVE-2022-0735
CVE-2022-0735 — GitLab CE/EE information disclosure: Affects GitLab CE/EE versions 12.10–before 14.6.5, 14.7–before 14.7.4, and 14.8–before 14.8.2. An unauthorized user could disclose runner registration tokens via an information-disclosure vulnerability triggered by quick actions commands, enab...
PT-2022-17635 · Unknown · Pfsense Ce +1
Name of the Vulnerable Software and Affected Versions: pfSense CE versions prior to 2.6.0; pfSense Plus versions prior to 22.01. Description: The issue is related to improper access control in pfSense CE and pfSense Plus, allowing a remote attacker with the privilege to change NTP GPS settings to...
Netgate pfSense CE Input Validation Error Vulnerability
Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. An input validation error vulnerability exists in Netgate pfSense CE, which could allow an attacker who has the power to change the settings of an OpenVPN client or server to execute arbitrary commands...
CVE-2020-18327
Alfresco Community Edition XSS (CVE-2020-18327) affects Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. The underlying issue is a cross-site scripting vulnerability that can be exploited through this endpoint. It is fixed in v6.2. Affected...
Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
GHSA-V9P9-535W-4285 Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Code injection
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
Prototype pollution vulnerability in litespeed.js (
CVE-2021-23682 Prototype Pollution
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Beckhoff CX9020 Authentication Bypass (CVE-2020-20741)
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020CB3011WEC7HPSv602TC31B4016.6 allows remote attackers to bypass authentication via the CE Remote Display Tool as it does not close the incoming connection on the Windows CE side if the credentials are...
Cross site scripting
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkgfilter'] in a PHP echo call, causing XSS...
Prototype Pollution
Overview: appwrite/server-ce is an end-to-end backend server for frontend and mobile apps. Affected versions of this package are vulnerable to Prototype Pollution. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leadi...
CVE-2022-0244
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group, due to incorrect handling of file...
CVE-2021-39942
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...