32 matches found
Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study
Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...
Active Debug Code
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...
CVE-2026-40908
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
EUVD-2026-24286
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
CVE-2026-40908
WWBN AVideo (open source video platform) contains a vulnerability in versions 29.0 and prior where the file at web root, git.json.php, executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes: the exact deployed commit hash (enables version fingerprinting ...
WWBN AVideo 信息泄露漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to version 29 contain an information leakage vulnerability. This vulnerability stems from the git.json.php file located in the root directory, which executes and returns the complet...
Active Debug Code
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...
WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails and Deployed Version
Summary The file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs, developer names and email addresses PII, and commit messages which may...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the processing of deprecated workflow commands in untrusted input. An attacker can inject arbitrary environment variables or modify the...
Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
EUVD-2020-0509
Malware in sbrugna...
EUVD-2025-29018
Malicious code in bioql PyPI...
BIT-GITLAB-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...
CVE-2025-1250
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...
CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...
CVE-2025-1250
Summary (CVE-2025-1250) : A vulnerability in GitLab CE/EE affects versions 15.0 through 18.1.5, 18.2 through 18.2.5, and 18.3 through 18.3.1 that could allow an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes...
CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...
CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...