9 matches found
CVE-2026-41487
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...
EUVD-2020-5580
Malware in sbrugna...
EUVD-2023-43801
Malicious code in bioql PyPI...
EUVD-2024-32577
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed ...
CVE-2025-26521
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...
CVE-2022-4343
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile...
CVE-2022-2539
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...
PT-2021-22773 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.10 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: The issue is related to improper access control, allowing any project member to retrieve the service...