24 matches found
n8n 安全漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of project member checks on public API variable endpoints, allowing...
CVE-2019-20869
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel...
Files 授权问题漏洞
Files is a single-file PHP application by the individual developer Karl Ward. It can be dragged and dropped into any directory, allowing browsing of the files and directories within. An authorization issue vulnerability exists in Files versions prior to 0.16.11 and 0.17.2, which stems from...
CVE-2025-65963
CVE-2025-65963 affects the Files module used to manage files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users in public spaces to create folders and to upload or download files as a ZIP archive; private spaces are not ...
CVE-2025-65963 CFiles Unauthorized Folder/ZIP Access in Public Spaces
Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...
EUVD-2019-4042
Malware in sbrugna...
EUVD-2024-49615
Malicious code in bioql PyPI...
CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
CVE-2019-12432
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure...
CVE-2019-11544
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository...
BIT-GITLAB-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
UBUNTU-CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
CVE-2024-8650 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
PT-2024-6746 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to inadequate access control in GitLab, a collaborative coding platform. It allow...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the inability to check if compliance export is enabled when fetching posts from a public channel, allowing users who are not members of...
CVE-2023-3511 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...
PT-2023-22003 · Nextcloud · Nextcloud Talk
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 14.0.9 Nextcloud Talk versions prior to 15.0.4 Description: The issue arises from the talk app not properly filtering access to a conversation's member list. This allows an attacker to gain information about t...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that...