
31 matches found

CVE
added 2026/03/12 1:33 a.m. · 54 views

CVE-2026-1182

GitLab CE/EE patched CVE-2026-1182 affecting all versions: 8.14–18.7.6, 18.8–18.8.6, and 18.9–18.9.2. An authenticated user could gain unauthorized access to confidential issue titles in public projects under certain circumstances. The remediation addresses these releases; the advisory does not p...

CVSS 4.3 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2026/01/30 10:15 p.m. · 2 views

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

CVSS 5.3 · AI score 5.4 · EPSS 0.00034
Exploits 0 · References 2

Positive Technologies
added 2025/12/24 12:0 a.m. · 1 views

PT-2025-53092

Name of the Vulnerable Software and Affected Versions: Kodezen LLC Academy LMS versions through 3.4.0 Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting (XSS) condition. This allows an attacker to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00029
Exploits 0 · References 4

EUVD
added 2025/11/21 3:31 p.m. · 1 views

EUVD-2025-198443

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS. This issue affects Nelio Popups: from n/a through = 1.3.0...

AI score 5.5 · EPSS 0.00029
Exploits 0 · References 2

Positive Technologies
added 2025/10/22 12:0 a.m. · 4 views

PT-2025-43216

Name of the Vulnerable Software and Affected Versions: Rajan Vijayan WP Smart Flexslider versions through 2.5 Description: The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting (XSS). This allows an attacker to...

CVSS 7.1 · AI score 6.3 · EPSS 0.0003
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-23268

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00513
Exploits 0 · References 1

IBM Security Bulletins
added 2025/09/17 5:39 p.m. · 4 views

Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers

Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...

CVSS 3.4 · AI score 8.9 · EPSS 0.00036
Exploits 0 · Affected Software 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-3639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...

CVSS 7.5 · AI score 7.2 · EPSS 0.00146
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 1:20 a.m. · 6 views

CVE-2022-3639

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage...

CVSS 7.5 · AI score 6.5 · EPSS 0.00146
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:25 p.m. · 5 views

CVE-2022-2534

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration...

CVSS 5.3 · AI score 6.4 · EPSS 0.00215
Exploits 0 · References 1

CNNVD
added 2025/04/11 12:0 a.m. · 2 views

Dell PowerProtect Cyber Recovery Security Vulnerability

Dell PowerProtect Cyber Recovery is a cyber security solution for protecting and recovering critical data. An information disclosure vulnerability exists in Dell PowerProtect Cyber Recovery. The vulnerability stems from a failure to properly handle sensitive information and can be exploited by an...

CVSS 5.8 · AI score 6.4 · EPSS 0.00231
Exploits 0 · References 2

OSV
added 2025/04/04 6:15 a.m. · 4 views

CVE-2024-42208

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

CVSS 3.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2025/03/20 9:15 a.m. · 8 views

CVE-2024-54016

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

CVSS 4.3 · AI score 7.1
Exploits 0 · References 2

NVD
added 2025/02/12 2:15 p.m. · 6 views

CVE-2024-23563

HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

CVSS 4.4 · EPSS 0.00082
Exploits 0 · References 1

Veracode
added 2024/09/16 9:48 a.m. · 5 views

Out-of-bounds Write

libzephyr.so is vulnerable to Out-of-bounds Write. The vulnerability is caused due to improper handling of data sizes in the getattsearchlist function in bluetooth/host/sdp.c, which can lead to a crash when passing a dataelem of size greater than 10...

CVSS 7.6 · AI score 6.7 · EPSS 0.00165
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/05/07 12:0 a.m. · 2 views

PT-2024-3629 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 Description: The issue is related to an improper handling of unexpected data type, which could be exploited by a remote unauthenticated attacker to cause a denial of service. Recommendation...

CVSS 7.5 · AI score 7.2 · EPSS 0.00513
Exploits 0 · References 4

OSV
added 2024/03/06 11:14 a.m. · 13 views

BIT-GITLAB-2022-3639

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage...

CVSS 7.5 · AI score 7.2 · EPSS 0.00146
Exploits 0 · References 3

Veracode
added 2024/02/12 7:36 a.m. · 11 views

Information Disclosure

nonebot2 is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user-provided data in a MessageTemplate, which could result in sensitive information disclosure if the user input is used in templates without adequate filtering...

CVSS 6.5 · AI score 6.2 · EPSS 0.002
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/01/02 12:0 a.m. · 19 views

GitLab 10.8 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-3639)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3....

CVSS 7.5 · AI score 7.3 · EPSS 0.00146
Exploits 0 · References 3

Positive Technologies
added 2023/03/14 12:0 a.m. · 1 views

PT-2023-1784

Name of the Vulnerable Software and Affected Versions: Azure Apache Ambari versions affected versions not specified Description: The issue is related to a spoofing vulnerability in Azure Apache Ambari. It is caused by improper data handling, which could allow a remote attacker to conduct spoofing...

CVSS 6.1 · AI score 5.8 · EPSS 0.07596
Exploits 3 · References 9