
2484 matches found

Vulnrichment
added 2024/03/12 12:0 a.m. · 13 views

CVE-2024-26521

HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component...

AI score 7.5 · EPSS 0.00813
Exploits 0 · References 2
CNNVD
added 2024/03/12 12:0 a.m. · 3 views

CE Phoenix Cart Security Vulnerability

CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. A security vulnerability exists in CE Phoenix Cart v1.0.8.20 and earlier versions, which stems from the presence of an HTML injection vulnerability. The vulnerability can be exploited by an...

CVSS 4.8 · AI score 7.2 · EPSS 0.00813
Exploits 0 · References 4
CVE
added 2024/03/12 12:0 a.m. · 71 views

CVE-2024-26521

CE Phoenix v1.0.8.20 and earlier are affected by an HTML Injection vulnerability in the english.php component. The root cause is insufficient neutralization of special symbols, enabling a remote attacker to execute arbitrary code, escalate privileges, and access sensitive data. Affected versions ...

CVSS 4.8 · AI score 7.4 · EPSS 0.00813
Exploits 0 · References 2
Cvelist
added 2024/03/08 8:48 p.m. · 33 views

CVE-2023-32264

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer...

CVSS 5.8 · AI score 6.3 · EPSS 0.00172
Exploits 0 · References 1
CNNVD
added 2024/03/08 12:0 a.m. · 2 views

OpenText Documentum D2 Security Vulnerability

OpenText Documentum D2 is a component of an Enterprise Content Management ECM solution from OpenText. A security vulnerability exists in OpenText Documentum D2 versions 16.5.1 through CE 23.2. An attacker can exploit the vulnerability to upload arbitrary code and execute code on a client computer...

CVSS 5.8 · AI score 7.6 · EPSS 0.00172
Exploits 0 · References 2
Positive Technologies
added 2024/03/08 12:0 a.m. · 7 views

PT-2024-12309 · Opentext · Opentext Documentum D2

Name of the Vulnerable Software and Affected Versions: OpenText Documentum D2 versions 16.5.1 through CE 23.2 Description: The issue allows the upload of arbitrary code, which can then be executed on the client's computer. This could potentially lead to malicious activities. Recommendations: For...

CVSS 5.8 · AI score 7.2 · EPSS 0.00172
Exploits 0 · References 4
OSV
added 2024/03/06 11:23 a.m. · 16 views

BIT-GITLAB-2020-13264

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token...

CVSS 5.3 · AI score 4.8 · EPSS 0.01082
Exploits 0 · References 4
OSV
added 2024/03/06 11:23 a.m. · 26 views

BIT-GITLAB-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...

CVSS 4.3 · AI score 4.2 · EPSS 0.00554
Exploits 0 · References 3
OSV
added 2024/03/06 11:23 a.m. · 20 views

BIT-GITLAB-2020-13268

A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1...

CVSS 5.3 · AI score 5.1 · EPSS 0.01071
Exploits 0 · References 4
OSV
added 2024/03/06 11:23 a.m. · 26 views

BIT-GITLAB-2020-13269

A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1...

CVSS 6.1 · AI score 6 · EPSS 0.0175
Exploits 0 · References 4
OSV
added 2024/03/06 11:23 a.m. · 22 views

BIT-GITLAB-2020-13272

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...

CVSS 8.8 · AI score 8.7 · EPSS 0.00579
Exploits 0 · References 4
OSV
added 2024/03/06 11:23 a.m. · 18 views

BIT-GITLAB-2020-13273

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1...

CVSS 7.8 · AI score 7.2 · EPSS 0.01187
Exploits 0 · References 3
OSV
added 2024/03/06 11:22 a.m. · 23 views

BIT-GITLAB-2020-13300

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...

CVSS 10 · AI score 9.2 · EPSS 0.01292
Exploits 0 · References 4
OSV
added 2024/03/06 11:21 a.m. · 22 views

BIT-GITLAB-2020-13354

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: =12.6, 13.3.9...

CVSS 4.3 · AI score 4.6 · EPSS 0.01416
Exploits 0 · References 4
OSV
added 2024/03/06 11:21 a.m. · 33 views

BIT-GITLAB-2020-13355

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...

CVSS 8.1 · AI score 7.7 · EPSS 0.0166
Exploits 0 · References 4
OSV
added 2024/03/06 11:21 a.m. · 23 views

BIT-GITLAB-2020-13357

An issue was discovered in Gitlab CE/EE versions = 13.1 to = 13.5 to = 13.6 to 13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project...

CVSS 4.3 · AI score 4.5 · EPSS 0.00755
Exploits 0 · References 4
OSV
added 2024/03/06 11:21 a.m. · 20 views

BIT-GITLAB-2020-26405

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are =12.8, =13.4, =13.5, 13.5.2...

CVSS 7.1 · AI score 6.8 · EPSS 0.01434
Exploits 0 · References 4
OSV
added 2024/03/06 11:21 a.m. · 12 views

BIT-GITLAB-2020-26407

An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...

CVSS 5.5 · AI score 5.2 · EPSS 0.00719
Exploits 0 · References 4
OSV
added 2024/03/06 11:20 a.m. · 21 views

BIT-GITLAB-2021-22177

Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command...

CVSS 4.3 · AI score 4.1 · EPSS 0.01206
Exploits 0 · References 4
OSV
added 2024/03/06 11:20 a.m. · 15 views

BIT-GITLAB-2021-22181

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources...

CVSS 7.7 · AI score 6.4 · EPSS 0.01058
Exploits 0 · References 3