2483 matches found
MAL-2025-16698 Malicious code in ce-market-insights-ui (npm)
The package ce-market-insights-ui was found to contain malicious code...
MAL-2025-40343 Malicious code in yarn-design-system-react-components-ce-c (npm)
The package yarn-design-system-react-components-ce-c was found to contain malicious code...
MAL-2025-40339 Malicious code in yarn-design-system-icons-ce-c (npm)
The package yarn-design-system-icons-ce-c was found to contain malicious code...
CVE-2025-6186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...
CVE-2012-10039
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitization. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...
Linux Distros Unpatched Vulnerability : CVE-2024-27061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare. sun8i_ce_cipher_unprepare should be called...
CVE-2025-0765 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions prior to 15.4 to 18.0.5,...
CVE-2025-4439
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...
CVE-2025-4439 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...
PT-2025-30635 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.0.4; GitLab CE/EE versions 18.1 through 18.1.2; GitLab CE/EE versions 18.2 through 18.2.0. Description: An issue allows privileged users to access certain resource group information through the API that shou...
PT-2025-30636 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 18.0.4; GitLab CE/EE versions 18.1 through 18.1.2; GitLab CE/EE versions 18.2 through 18.2.0. Description: An issue exists in GitLab CE/EE that could allow an unauthorized user to access custom service desk ema...
PT-2025-30613 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 18.0.4; GitLab CE/EE versions 18.1 through 18.1.2; GitLab CE/EE versions 18.2 through 18.2.0. Description: An issue exists in GitLab CE/EE that could allow an authenticated user to perform cross-site scripting...
PT-2025-30609 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 18.0.5; GitLab CE/EE versions 18.1 through 18.1.3; GitLab CE/EE versions 18.2 through 18.2.1. Description: An issue exists in GitLab CE/EE that, under specific circumstances, could allow a successful attacker ...
PT-2025-30637 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 18.0.4; GitLab CE/EE versions 18.1 through 18.1.2; GitLab CE/EE versions 18.2 through 18.2.0. Description: An issue exists that may allow an unauthorized user to read deployment job logs by sending a crafted...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE; Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs; Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE; Improper Access Control issue impacts GitLab EE...
CVE-2025-38300
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare. Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare: 1) If dma_map_sg fails for areq->dst, the device driver would try to free DMA memory it has no...
CVE-2025-38300
CVE-2025-38300: In the Linux kernel sun8i-ce-cipher path (sun8i_ce_cipher_prepare), two DMA cleanup issues on the error path are fixed. 1) On the theend_sgs error path, dma_unmap is now performed only if the corresponding dma_map_sg() succeeded for areq->dst. 2) On the theend_iv path, dma_unma...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue impacts GitLab CE/EE; Improper authorization issue impacts GitLab CE/EE; Improper authorization issue impacts GitLab EE; Improper authorization issue impacts GitLab EE...
BIT-GITLAB-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests...