5 matches found
CVE-2025-12653 Authentication Bypass by Spoofing in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests...
GitLab CE/EE Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 18.3 through 18.4.5 or earlie...
PYSEC-2022-43011
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
IBM API Connect Security Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM USA for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to be able to use ...
New Relic: removed user can still join the organization
Hi, I would like to report an issue I have found that allows an attacker to join an organization even if the attacker is removed. I found out that when adding a new user, if you add a new user without verifying the email address, you change the email of the user, the email address you initially send the...