PT-2025-4864
Name of the Vulnerable Software and Affected Versions: Wildfly component versions prior to HAL 3.7.7.Final Description: A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a...
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA suffers from a cross-site scripting vulnerability that stems from a reflected cross-site scripting vulnerability contained in the cpf parameter of the CadastroAtendido.php file...
CVE-2024-13041
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
UBUNTU-CVE-2024-13041
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
GitLab 16.4 < 17.5.5 / 17.6 < 17.6.3 / 17.7 < 17.7.1 (CVE-2024-13041)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created vi...
CVE-2024-52869
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server SLES 12 Service Pack SP 2 or 3 to SLES 15 SP2 on Teradata Database systems, some...
PT-2025-37305
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: A flaw exists in the Zabbix API where the hostprototype.get method inappropriately lists all host prototypes to users lacking assigned user groups. Recommendations: At the moment, there is n...
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
CVE-2024-56512
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
CVE-2024-56512
CVE-2024-56512 (Apache NiFi) affects NiFi 1.10.0 through 2.0.0, where creating a new Process Group omits fine-grained authorization checks for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers. As a result, authenticated users with permission to create Process Groups ...
Apache NiFi Security Vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.10.0 to 2.0.0, which stems from a lack of fine-grained...
PT-2025-3199 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.6.x through 7.6.3 Description: An issue was discovered that allows a user with the security admin local role to create a new user in a group that has the admin role. This is related to incorrect permission storage...
AZL-54920 CVE-2024-56672 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg,...
PT-2024-10215 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 2.0.0 Description: The issue is related to missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers when creating new Process...
FreeBSD : Vaultwarden -- Admin organization permissions (0a8dbc7f-bedc-11ef-b5a1-000ec6d40964)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a8dbc7f-bedc-11ef-b5a1-000ec6d40964 advisory. The Vaultwarden project reports: Admins from any organization were able to modify or delete groups in a...
CVE-2024-56335
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
PT-2024-36796 · Unknown +1 · Vaultwarden +1
Name of the Vulnerable Software and Affected Versions: vaultwarden versions 1.32.6 and earlier Description: vaultwarden, an unofficial Bitwarden compatible server written in Rust, is susceptible to a manipulation issue affecting group management. An attacker with a user account on the server,...
Vaultwarden -- Admin organization permissions
The Vaultwarden project reports: Admins from any organization were able to modify or delete groups in any other organization if they know the group's uuid...