Lucene search
K

118 matches found

NVD
NVD
added 2025/02/12 4:15 p.m.11 views

CVE-2025-0516

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3CVSS0.00276EPSS
Exploits1References2
OSV
OSV
added 2025/02/12 4:15 p.m.2 views

UBUNTU-CVE-2025-0516

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3CVSS5.8AI score0.00276EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/02/12 3:30 p.m.12 views

CVE-2025-0516 Incorrect Authorization in GitLab

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3CVSS4.4AI score0.00276EPSS
Exploits1References2
CVE
CVE
added 2025/02/12 3:30 p.m.305 views

CVE-2025-0516

CVE-2025-0516 affects GitLab CE/EE. The vulnerability is caused by improper authorization that allows users with limited permissions to perform unauthorized actions on critical project data. Affected versions are GitLab: 17.7 before 17.7.4 and 17.8 before 17.8.2; these are vulnerable, per the pro...

4.3CVSS4.4AI score0.00276EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/02/12 3:30 p.m.27 views

CVE-2025-0516 Incorrect Authorization in GitLab

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3CVSS0.00276EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2025/02/12 3:30 p.m.6 views

CVE-2025-0516

Removed by vendor...

4.3CVSS5.8AI score0.00276EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.4 views

PT-2025-6790 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 prior to 17.7.4 GitLab CE/EE versions 17.8 prior to 17.8.2 Description: The issue allows users with limited permissions to perform unauthorized actions on critical project data due to improper authorization...

4.3CVSS6.7AI score0.00276EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.10 views

CVE-2022-39208

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability...

7.5CVSS6.6AI score0.01434EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.6 views

PT-2024-32456 · Cvat · Cvat

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.1 Description: The issue allows an attacker with a CVAT account to retrieve certain information about any project, task, job, or membership resource on the CVAT instance. This...

5.4CVSS6.9AI score0.00262EPSS
Exploits0References7
CNVD
CNVD
added 2024/07/10 12:0 a.m.6 views

Siemens Mendix Encryption Module Hardcoded Default Encryption Key Vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption e.g. passwords and FileDocument encryption e.g. documents or photos. A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

8.7CVSS6.7AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 12:5 p.m.32 views

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

8.7CVSS0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.5 views

PT-2024-34584 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.25 Description: The issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not...

5.4CVSS5.6AI score0.00298EPSS
Exploits1References7
CVE
CVE
added 2024/05/20 2:14 p.m.66 views

CVE-2024-4151

CVE-2024-4151 affects lunary-ai/lunary 1.2.2. The issue is an improper access control in handling of PATCH and GET requests for template versions, allowing unauthorized users to view and update prompts across any project. Root cause: insufficient access checks in request handling leading to cross...

8.3CVSS6.6AI score0.00391EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/05/20 12:0 a.m.3 views

Lunary 访问控制错误漏洞

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from the presence of incorrect access control and can be exploited by an attacker to manipulate or access sensitive project data, resulting in data integrity and confidentiality issues...

8.3CVSS6.7AI score0.00391EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.3 views

PT-2024-5973 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 17.0.5 GitLab CE/EE versions 17.1 through 17.1.3 GitLab CE/EE versions 17.2 through 17.2.1 Description: An issue in GitLab CE/EE allows disclosure of limited information of an exported group or project to...

5CVSS6.6AI score0.00312EPSS
Exploits0References10
OSV
OSV
added 2023/11/14 11:15 a.m.5 views

CVE-2023-43503

A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...

7.5CVSS5.7AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.5 views

Horner Automation Cscape 缓冲区错误漏洞

Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape version v9.90 SP8, which stems from a lack of proper validation of user-supplied data when parsing a projec...

7.8CVSS8AI score0.00227EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/02 12:0 a.m.23 views

Siemens SIMATIC CP 1543-1 Improper Privilege Management (CVE-2016-8561)

A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. This plugin only works with...

6.6CVSS6.4AI score0.01585EPSS
Exploits0References6
Gitee
Gitee
added 2023/03/09 1:44 p.m.5 views

CVEfixes-db

This repository is an offensive tool for collecting and processing CVE Common Vulnerabilities and Exposures data. It is a Python-based tool that collects CVE data from various sources, including the National Vulnerability Database NVD and GitHub, and stores it in a SQLite database. The tool is...

7.6AI score
Exploits0
0day.today
0day.today
added 2022/10/06 12:0 a.m.264 views

Wordpress Zephyr Project Manager 3.2.42 Plugin - Multiple SQL injection Vulnerabilities

Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/ Vendor Homepage:...

9.8CVSS0.3AI score0.09675EPSS
Exploits5
Rows per page
Query Builder