15 matches found
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab CE and EE versions 17.6 through befo...
EUVD-2019-4039
Malware in sbrugna...
EUVD-2019-4580
Malware in sbrugna...
EUVD-2024-54377
Malicious code in bioql PyPI...
EUVD-2022-29785
Malicious code in bioql PyPI...
CVE-2025-7001
GitLab CE/EE is affected by CVE-2025-7001: versions from 15.0 before 18.0.5, from 18.1 before 18.1.3, and from 18.2 before 18.2.1 contain a vulnerability where privileged users can access certain resource_group information via the API that should be unavailable. Root cause: insufficient access control granularit...
PT-2025-21703 · Valvepress · Valvepress Pinterest Automatic Pin
Name of the Vulnerable Software and Affected Versions: ValvePress Pinterest Automatic Pin versions n/a through 4.18.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
Directory Traversal
Vite is vulnerable to Directory Traversal. The vulnerability is an access control bypass caused by insufficient enforcement of file access restrictions when using pattern-matching with dot-slash /. in network-exposed development servers...
PT-2025-15561 · Microsoft · Windows Refs +1
Name of the Vulnerable Software and Affected Versions: Windows Resilient File System (ReFS) affected versions not specified Description: The issue is related to improper access control, allowing an authorized attacker to disclose information over a network. Recommendations: At the moment, there is ...
PT-2025-15165 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A security issue exists in the security verification module, specifically an access control vulnerability. Successful exploitation of this issue will impact the integrity and confidentiality...
PT-2025-15163 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A security issue exists in the security verification module, specifically an access control vulnerability. Successful exploitation of this issue will impact the integrity and confidentiality...
PT-2023-36246 · Pipewire · Pipewire
Name of the Vulnerable Software and Affected Versions: pipewire affected versions not specified Description: The issue allows an app with permission to access one stream to also access other streams. This is a security concern as it bypasses intended access controls. Additionally, there were fixe...
PT-2022-21678 · Unknown · Nopcommerce
Name of the Vulnerable Software and Affected Versions: nopcommerce version 4.50.2 Description: The issue is related to an access control problem, allowing attackers to modify any customer's address. This is achieved through the "addressedit" endpoint. Recommendations: For nopcommerce version...
PT-2022-12417 · Unknown · Globalprotect-Openconnect
Name of the Vulnerable Software and Affected Versions: GlobalProtect-openconnect versions prior to 1.4.3 Description: The issue concerns incorrect access control in GPService through DBUS, GUI Application. This allows arbitrary users to execute commands as root by submitting the --script=...
CVE-2021-43979
Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...