
8 matches found

OSV
added 5 days ago, 3 views

BIT-GITLAB-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVSS 3.7 | AI score 5.4 | EPSS 0.00247
Exploits: 0 | References: 4
NVD
added 6 days ago, 9 views

CVE-2026-6976

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVSS 3.7 | EPSS 0.00247
Exploits: 0 | References: 3
Vulnrichment
added 6 days ago, 4 views

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVSS 3.7 | AI score 5.5 | EPSS 0.00247
Exploits: 0 | References: 3
Microsoft CVE
added 2022/12/02 8:0 a.m., 2 views

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

...

CVSS 7.8 | AI score 7.7 | EPSS 0.00635
Exploits: 0
Veracode
added 2019/07/25 5:48 a.m., 12 views

Cross-site Scripting (XSS)

http-file-server is vulnerable to a cross-site scripting (XSS) attack. It is possible because it does not handle the file name input from the user, allowing a malicious user to inject arbitrary script through it...

CVSS 5.4 | AI score 5.1 | EPSS 0.00709
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2017/11/20 7:29 p.m., 1 view

CVE-2017-15527

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...

CVSS 6.8 | AI score 5.8 | EPSS 0.01095
Exploits: 0 | References: 2
exploitpack
added 2004/04/17 12:0 a.m., 13 views

BSD-Games 2.x - Mille Local Save Game File Name Buffer Overrun

// source: https://www.securityfocus.com/bid/10165/info bsd-games mille is prone to a locally exploitable buffer overrun vulnerability. This issue is due to insufficient bounds checking when the user inputs a file name when saving a...

AI score 0.3
Exploits: 0
Exploit DB
added 2004/04/17 12:0 a.m., 20 views

BSD-Games 2.x - Mille Local Save Game File Name Buffer Overrun

// source: https://www.securityfocus.com/bid/10165/info bsd-games mille is prone to a locally exploitable buffer overrun vulnerability. This issue is due to insufficient bounds checking when the user inputs a file name when saving a game. This game is typically installed setgid games so may allow...

AI score 7.4
Exploits: 0