2484 matches found
CVE-2023-6489
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2, which allows an attacker to spike the GitLab instance's resource usage, resulting in service degradation, via the chat integration feature...
CVE-2024-2279
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issue references feature, a crafted payload may lead to a stored XSS, allowin...
CVE-2023-6489
CVE-2023-6489 affects GitLab CE/EE: vulnerable in GitLab versions 16.7.7 before 16.8.6, 16.9 before 16.9.4, and 16.10 before 16.10.2. The issue allows a denial-of-service by spiking resource usage via the chat integration feature. The root cause is described in OSV entries as inefficient regular ...
CVE-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issue references feature, a crafted payload may lead to a stored XSS, allowin...
CVE-2024-3092
CVE-2024-3092 affects GitLab CE/EE: stored XSS via the diff viewer in all versions 16.9 before 16.9.4 and 16.10 before 16.10.2. Exploitation could allow an attacker to act on behalf of victims. Remediation: upgrade to GitLab 16.9.4 or 16.10.2 (per advisories referencing the fixed versions).
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine whether a username is valid or not...
PT-2024-5801 · Unknown +1 · Portainer Ce +1
Name of the Vulnerable Software and Affected Versions: Portainer CE version 2.19.4 Description: A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This...
BIT-GITLAB-2023-6371 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf...
A vulnerability in the english.php file of the CE Phoenix (CE PhoenixCart) e-commerce software allows an attacker to execute arbitrary code.
The vulnerability in the english.php file of the CE Phoenix (CE PhoenixCart) e-commerce software stems from insufficient sanitization of special characters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-6371
Summary of CVE-2023-6371 (GitLab CE/EE): An issue in GitLab CE/EE where a wiki page with a crafted payload can cause a Stored XSS, allowing an attacker to perform arbitrary actions on behalf of victims. Affected versions: all versions before 16.8.5, all versions from 16.9 before 16.9.3, and all v...
CVE-2023-6371
Removed by vendor...
CVE-2024-2818
CVE-2024-2818 concerns GitLab CE/EE. Affected are all versions before 16.8.5, all 16.9.x before 16.9.3, and all 16.10.x before 16.10.1. An attacker could cause a denial of service by sending a malicious crafted description parameter for labels. The issue’s remediation is to upgrade to the fixed r...
GitLab CE/EE Password Reset
Exploit Title: GitLab CE/EE 16.7.2 - Password Reset Exploit Author: Sebastian Kriesten 0xB455 Twitter: https://twitter.com/0xB455 Date: 2024-01-12 Vendor Homepage: gitlab.com Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/...
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1345)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-26521
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component...
Design/Logic Flaw
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component...