
23 matches found

NVD
added 2026/05/19 11:16 p.m. · 10 views

CVE-2026-34579

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature. Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

CVSS 5.3 · EPSS 0.00014 · Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-17287

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.3 · EPSS 0.00043 · Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-32542

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.3 · EPSS 0.0004 · Exploits 0 · References 2

RedhatCVE
added 2025/05/22 4:4 p.m. · 5 views

CVE-2020-15818

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence...

CVSS 5.3 · AI score 6.9 · EPSS 0.00003 · Exploits 0

RedhatCVE
added 2025/05/22 10:29 a.m. · 6 views

CVE-2019-5465

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID...

CVSS 4.3 · AI score 6.2 · EPSS 0.00476 · Exploits 1 · References 1

RedhatCVE
added 2025/02/07 6:19 p.m. · 8 views

CVE-2024-1539

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...

CVSS 5.3 · AI score 6.7 · EPSS 0.00043 · Exploits 0 · References 1

NVD
added 2025/02/05 12:15 p.m. · 10 views

CVE-2024-3976

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...

CVSS 6.5 · EPSS 0.0004 · Exploits 0 · References 3

OSV
added 2024/03/06 11:12 a.m. · 18 views

BIT-MEDIAWIKI-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVSS 4.3 · AI score 4.7 · EPSS 0.00223 · Exploits 1 · References 4

OSV
added 2023/06/07 12:0 a.m. · 14 views

CVE-2023-1825 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export...

CVSS 3.1 · AI score 4.5 · EPSS 0.00303 · Exploits 0 · References 4

Debian CVE
added 2023/06/07 12:0 a.m. · 17 views

CVE-2023-1825

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00303 · Exploits 0

Positive Technologies
added 2022/10/19 12:0 a.m. · 1 views

PT-2022-6803 · Unknown +2 · Openimageio +2

Name of the Vulnerable Software and Affected Versions: OpenImageIO version 2.3.19.0 Description: An information disclosure issue exists in the OpenImageIO::decode iptc iim functionality. This is related to reading beyond the valid boundaries of a data buffer. A specially-crafted TIFF file can lea...

CVSS 9.8 · AI score 6.3 · EPSS 0.05976 · Exploits 26 · References 106

OSV
added 2022/03/28 6:53 p.m. · 20 views

CVE-2022-0344

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a...

CVSS 3.1 · AI score 6.3 · EPSS 0.00304 · Exploits 1 · References 5

OSV
added 2021/02/03 4:15 p.m. · 0 views

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution...

CVSS 5.3 · AI score 5.8 · Exploits 0 · References 2

ossfuzz
added 2020/05/04 7:8 a.m. · 13 views

ghostscript:gstoraster_fuzzer: Crash in mem_mapped4_fill_rectangle

Detailed Report: https://oss-fuzz.com/testcase?key=5702235993669632 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzerasanghostscript Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000526dcdc Crash State: memmapped4fillrectangle...

AI score 6.4 · Exploits 0 · Affected Software 1

NVD
added 2020/03/05 1:15 a.m. · 10 views

CVE-2020-10105

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVSS 5.3 · AI score 5.4 · EPSS 0.00363 · Exploits 0 · References 1

Tenable Nessus
added 2020/02/03 12:0 a.m. · 48 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (c5bd9068-440f-11ea-9cdb-001b217b3468)

Gitlab reports: Path Traversal to Arbitrary File Read User Permissions Not Validated in ProjectExportWorker XSS Vulnerability in File API Package and File Disclosure through GitLab Workhorse XSS Vulnerability in Create Groups Issue and Merge Request Activity Counts Exposed Email Confirmation...

CVSS 9.8 · AI score 5.9 · EPSS 0.00777 · Exploits 1 · References 19

OSV
added 2019/08/26 4:59 p.m. · 16 views

GHSA-XQH8-5J36-4556 SQL Injection in connect-pg-simple

Impact: An unlikely SQL injection in the case of an unsanitized table name input. Patches: The user should upgrade to 6.0.1. Due to its low impact, a backport has not been made to the 5.x branch. Workarounds: If there is no likelihood that the tableName or schemaName options sent to the constructor...

CVSS 7.3 · AI score 7.4 · EPSS 0.00204 · Exploits 0 · References 6

CVE
added 2019/07/10 2:59 p.m. · 56 views

CVE-2018-19577

GitLab CE/EE (versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1) is affected by an incorrect access control vulnerability that allows an unauthorized user to see the title and namespace of a confidential issue. Root cause: improper access control in issue metadata...

CVSS 5.3 · AI score 5.3 · EPSS 0.00214 · Exploits 0 · References 3 · Affected Software 1

ossfuzz
added 2018/12/27 7:53 p.m. · 10 views

envoy/h1_capture_fuzz_test: Crash in Envoy::TestUtility::findCounter

Detailed report: https://oss-fuzz.com/testcase?key=5760304764420096 Project: envoy Fuzzer: libFuzzerenvoyh1capturefuzztest Fuzz target binary: h1capturefuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f23827ad980 Crash State:...

AI score 6.7 · Exploits 0 · Affected Software 1

ossfuzz
added 2017/11/19 8:38 a.m. · 13 views

librawspeed/SonyArw2DecompressorFuzzer: Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized

Project: https://github.com/darktable-org/rawspeed.git Detailed report: https://oss-fuzz.com/testcase?key=5404007393656832 Project: librawspeed Fuzzer: libFuzzerlibrawspeedSonyArw2DecompressorFuzzer Fuzz target binary: SonyArw2DecompressorFuzzer Job Type: libfuzzermsanlibrawspeed Platform Id: lin...

AI score 6.7 · Exploits 0 · Affected Software 1