PT-2026-44070

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.10.6 GitLab CE/EE versions 18.11 through 18.11.3 GitLab CE/EE versions 19.0 through 19.0.0 Description Incorrect authorization checks under certain conditions could allow an unauthorized user to enumerate...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 18.2 to 18.10.7,...

CVE-2023-5872

Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

WAGO Smart Designer 安全漏洞

WAGO Smart Designer is a engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

EUVD-2025-203447

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

GHSA-3PMH-24WP-XPF4 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

EUVD-2020-25294

Malware in sbrugna...

EUVD-2020-21824

Malware in sbrugna...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the export process in the images API endpoint. An attacker can determine the existence of projects by analyzing differences in HTTP status codes returned when querying with crafted fingerprints, such as using...

CVE-2024-45856

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVE-2024-36106

A flaw was found in Argo-CD. Error messages in Argo-CD may contain sensitive information, such as clusters and project names, which allows authenticated malicious users to enumerate possible targets...

CVE-2024-36106

Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...

PT-2024-5352 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...

CVE-2020-29451

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version...