13561 matches found
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in vulnerability reports impacts GitLab CE/EE Cross-site scripting issue in Swagger UI impacts GitLab CE/EE Denial of service issue in GraphQL endpoints impacts GitLab CE/EE Authentication bypass issue for...
EUVD-2025-201945
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
UBUNTU-CVE-2025-14345
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345
CVE-2025-14345 describes a post-authentication flaw in MongoDB Server’s network two‑phase commit protocol used for cross‑shard transactions. The issue can cause the transaction coordination logic to misinterpret a transaction as committed, leading to inconsistent shard state and potential low int...
Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-65964
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
CVE-2022-50652
In the Linux kernel, the following vulnerability has been resolved: uio: uiodmemgenirq: Fix missing unlock in irq configuration Commit b74351287d4b "uio: fix a sleep-in-atomic-context bug in uiodmemgenirqirqcontrol" started calling disableirq without holding the spinlock because it can sleep...
PT-2025-49980
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.0.16 MongoDB Server versions prior to 7.0.26 MongoDB Server versions prior to 8.2.2 Description A flaw exists in the network two-phase commit protocol used for cross-shard transactions. This issue can lead to...
MongoDB Server 安全漏洞
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server versions prior to 8.0.16, prior to 7.0.26, and...
Security Bulletin: NVIDIA Merlin - December 2025
NVIDIA has released an update for Merlin to address a security issue that might lead to the impacts described in this bulletin. To protect your system, clone or update this software to include the following commits: Commit 5dd11f4 or later from NVIDIA Merlin/NVTabular Commit 876f19e or later from...
n8n 安全漏洞
n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.123.1 through 1.119.1, which stems from a lack of adequate protection for project pre-commit hooks and could lead to remote code execution...
MongoDB Server -- Improper Locking
https://jira.mongodb.org/browse/SERVER-106075 reports: A post-authenticationflaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short...
CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
EUVD-2025-201815
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
CVE-2025-65964
Summary: CVE-2025-65964 affects n8n open source workflow automation. Versions 0.123.1 through 1.119.1 allow remote code execution via the Git node’s pre-commit hook handling. The issue arises because Add Config can set arbitrary Git values (e.g., core.hooksPath), enabling a malicious Git hook to ...