15363 matches found
Description of the security update for Microsoft Exchange Server Subscription Edition RTM: July 14, 2026 (KB5103212)
None None...
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Teclib GLPI = 9.3.3 exposes a script /scripts/unlocktasks.php that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...
EUVD-2026-43300
An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...
CVE-2026-14165
An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...
CVE-2026-14165 Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5
An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...
CVE-2026-14165
Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.
CVE-2026-57230 OpenReplay: Authenticated ClickHouse SQL injection via session search
OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...
CVE-2026-57230 OpenReplay: Authenticated ClickHouse SQL injection via session search
OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...
CVE-2026-11827
A flaw was found in GitLab EE. An authenticated user with maintainer-role permissions could, under specific conditions, exploit improper authorization controls. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure...
GitLab 13.11 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-6896)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticat...
CVE-2026-6896
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...
CVE-2026-8472
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...
CVE-2026-11827
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...
CVE-2026-13151
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...
CVE-2026-6352
GitLab EE contains an authorization flaw in GraphQL operations that could allow an authenticated user with auditor-level access to modify compliance violation records. Affected versions include all 18.2-era releases before 18.11.7, all 19.0-era releases before 19.0.4, and all 19.1-era releases be...
EUVD-2026-42407
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...
EUVD-2026-42405
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...
CVE-2026-11827
Summary: GitLab EE fixed an issue where an authenticated user with maintainer permissions could obtain another user’s stored credentials due to improper authorization controls. Affected versions (before patches): GitLab EE 9.5 up to 18.11.7, 19.0 up to 19.0.4, and 19.1 up to 19.1.2. Root cause (a...
EUVD-2026-42404
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...