2483 matches found
CVE-2025-53392
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...
CVE-2025-53392
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...
CVE-2025-53392
CVE-2025-53392 : In pfSense CE 2.8.0, the WebCfg - Diagnostics: Command privilege allows an authenticated user to download/read arbitrary files via a directory traversal in diag_command.php (dlPath). This is a local file-disclosure vulnerability, with evidence of PoC/exploit activity (e.g., publi...
PT-2025-27330 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE version 2.8.0 Description: The issue arises from the "WebCfg - Diagnostics: Command" privilege, which improperly allows users to read arbitrary files on the system through a directory traversal attack targeting the diag...
CVE-2025-2938
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...
CVE-2025-5315 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
PT-2025-26938 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 GitLab CE/EE versions 18.1 through 18.1.0 Description: An issue has been discovered that could have allowed authenticated users with Guest role permissions t...
PT-2025-26935 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could have allowed unauthenticated attackers to uplo...
PT-2025-26937 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...
PT-2025-26936 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could allow authenticated users to gain elevated...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2024-4025
A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page...
PT-2025-26452 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 through 16.11.5 GitLab CE/EE version 17.0 through 17.0.3 GitLab CE/EE version 17.1 through 17.1.1 Description: A Denial of Service DoS condition exists in GitLab CE/EE. An attacker can cause a denial of service by...
CVE-2025-1478
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service...
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
PT-2025-25286 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 Description: An issue has been discovered in GitLab CE/EE, where a lack of input validation in Board Names could ...
PT-2025-25291 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, allowing authenticated users to access arbitrary...
PT-2025-25287 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.7 through 17.10.8 GitLab CE/EE versions 17.11 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11...
PT-2025-25292 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 through 17.10.8 GitLab CE/EE versions 17.11 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to trigger an infinite redirect...
PT-2025-25290 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 2.1.0 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 Description: An issue has been discovered in GitLab CE/EE, where a lack of input validation in HTTP responses...