5 matches found
CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
Improper access control
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
UBUNTU-CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
GitLab Authorization Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. GitLab suffers from an authorization issue vulnerability,...
GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials
GitBackdorizer is a proof of concept, fully inspired by Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials. How it Works: GitBackdorizer consists of three pieces: handler, dropper and the payload. Handler: The handler sets up an HTTP...