CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2021-22229

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...

EUVD-2025-37937

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

Taguette 跨站脚本漏洞

Taguette is a qualitative research tool by the individual developer Remi Rampin. A cross-site scripting vulnerability exists in Taguette versions prior to 1.5.0, which stems from a project member being able to insert JavaScript code into a name or description field, potentially leading to a...

EUVD-2005-1739

Malware in sbrugna...

EUVD-2020-5580

Malware in sbrugna...

EUVD-2024-32577

Malicious code in bioql PyPI...

EUVD-2023-43801

Malicious code in bioql PyPI...

EUVD-2021-9397

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-4011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

Linux Distros Unpatched Vulnerability : CVE-2022-2539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed ...

CVE-2025-26521

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff wit...

CVE-2022-4343

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile...