
15 matches found

OSV
added 2026/06/12 9:4 a.m., 8 views

BIT-GITLAB-2026-6277 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3, AI score 5.4, EPSS 0.00182
Exploits 0, References 4
OSV
added 2026/06/11 12:16 p.m., 5 views

UBUNTU-CVE-2026-6277

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3, AI score 5.4, EPSS 0.00182
Exploits 0, References 5
Vulnrichment
added 2026/06/11 10:20 a.m., 9 views

CVE-2026-6277 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3, AI score 5.5, EPSS 0.00182
Exploits 0, References 3
Cvelist
added 2026/06/11 10:20 a.m., 29 views

CVE-2026-6277 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3, EPSS 0.00182
Exploits 0, References 3
Cvelist
added 2026/04/07 4:20 p.m., 16 views

CVE-2026-35585 File Browser has a Command Injection via Hook Runner

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 until 2.33.8, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and delete...

CVSS 7.5, EPSS 0.01922
Exploits 2, References 2
EUVD
added 2025/10/03 8:7 p.m., 10 views

EUVD-2022-25900

Malicious code in bioql PyPI...

CVSS 9, AI score 8.6, EPSS 0.1455
Exploits 0, References 1
OSV
added 2024/07/29 3:15 p.m., 2 views

DEBIAN-CVE-2024-41027

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel config, we fail silently and return all the available features. However, the man page indicates we should return an...

CVSS 3.3, AI score 5.5, EPSS 0.00282
Exploits 0, References 1
Cvelist
added 2024/03/26 2:16 p.m., 17 views

CVE-2023-41972 Revert password check incorrect type validation

In some rare cases, a password type validation is missing in the Revert Password check, and for some features it could be disabled. Fixed version: Win ZApp 4.3.0.121 and later...

CVSS 7.3, AI score 7.5, EPSS 0.00236
Exploits 0, References 1
Github Security Blog
added 2024/02/01 8:51 p.m., 24 views

Statamic CMS vulnerable to account takeover via XSS and password reset link

Impact: HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects: front-end forms with asset fields without any mime type validation; asset fields in the control panel; the asset browser in the control panel. Additionally, if the XSS is crafted in a specific...

CVSS 8.2, AI score 6.8, EPSS 0.00734
Exploits 1, References 5, Affected Software 1
RedHat Linux
added 2022/11/03 2:54 p.m., 5 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in Keycloak. The vulnerability allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 7.2, AI score 5.8, EPSS 0.00834
Exploits 0, References 5
NVD
added 2022/02/23 6:15 p.m., 23 views

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 9, EPSS 0.1455
Exploits 0, References 1
Vulnrichment
added 2022/02/23 5:40 p.m., 21 views

CVE-2022-20650 Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 8.8, AI score 7.7, EPSS 0.1455
Exploits 0, References 1
RedHat Linux
added 2021/11/09 5:42 p.m., 5 views

python-pillow: Buffer overflow in image convert function

A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert" or "ImagingConvertTransparent" functions in Convert.c. The highest threat to this vulnerability is to system availability. ...

CVSS 9.8, AI score 7.5, EPSS 0.03162
Exploits 0, References 5
Cvelist
added 2019/08/02 9:21 p.m., 32 views

CVE-2019-7887

A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is...

AI score 5.1, EPSS 0.00557
Exploits 0, References 1
UbuntuCve
added 2018/08/23 6:29 p.m., 25 views

CVE-2018-1999045

An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java and TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled...

CVSS 5.5, AI score 6.4, EPSS 0.00874
Exploits 0, References 2