118 matches found
CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...
UBUNTU-CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...
CVE-2025-0516 Incorrect Authorization in GitLab
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...
CVE-2025-0516
CVE-2025-0516 affects GitLab CE/EE. The vulnerability is caused by improper authorization that allows users with limited permissions to perform unauthorized actions on critical project data. Affected versions are GitLab: 17.7 before 17.7.4 and 17.8 before 17.8.2; these are vulnerable, per the pro...
CVE-2025-0516 Incorrect Authorization in GitLab
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...
CVE-2025-0516
Removed by vendor...
PT-2025-6790 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 prior to 17.7.4 GitLab CE/EE versions 17.8 prior to 17.8.2 Description: The issue allows users with limited permissions to perform unauthorized actions on critical project data due to improper authorization...
CVE-2022-39208
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability...
PT-2024-32456 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.1 Description: The issue allows an attacker with a CVAT account to retrieve certain information about any project, task, job, or membership resource on the CVAT instance. This...
Siemens Mendix Encryption Module Hardcoded Default Encryption Key Vulnerability
The Mendix Encryption module takes care of the following encryption requirements: plain text encryption e.g. passwords and FileDocument encryption e.g. documents or photos. A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...
CVE-2024-39888
A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...
PT-2024-34584 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.25 Description: The issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not...
CVE-2024-4151
CVE-2024-4151 affects lunary-ai/lunary 1.2.2. The issue is an improper access control in handling of PATCH and GET requests for template versions, allowing unauthorized users to view and update prompts across any project. Root cause: insufficient access checks in request handling leading to cross...
Lunary 访问控制错误漏洞
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from the presence of incorrect access control and can be exploited by an attacker to manipulate or access sensitive project data, resulting in data integrity and confidentiality issues...
PT-2024-5973 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 17.0.5 GitLab CE/EE versions 17.1 through 17.1.3 GitLab CE/EE versions 17.2 through 17.2.1 Description: An issue in GitLab CE/EE allows disclosure of limited information of an exported group or project to...
CVE-2023-43503
A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...
Horner Automation Cscape 缓冲区错误漏洞
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape version v9.90 SP8, which stems from a lack of proper validation of user-supplied data when parsing a projec...
Siemens SIMATIC CP 1543-1 Improper Privilege Management (CVE-2016-8561)
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. This plugin only works with...
CVEfixes-db
This repository is an offensive tool for collecting and processing CVE Common Vulnerabilities and Exposures data. It is a Python-based tool that collects CVE data from various sources, including the National Vulnerability Database NVD and GitHub, and stores it in a SQLite database. The tool is...
Wordpress Zephyr Project Manager 3.2.42 Plugin - Multiple SQL injection Vulnerabilities
Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/ Vendor Homepage:...