21 matches found
CVE-2025-9957
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...
GitLab security vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (Continuous Integration and Delivery). Vulnerabilities exist in versions of GitLab CE/EE before 18.9.6, 18.10....
CVE-2021-22215
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects...
EUVD-2021-9361
Malicious code in bioql PyPI...
EUVD-2023-33969
Malicious code in bioql PyPI...
BIT-GITLAB-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-3396
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2023-4009
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...
PyPI Implements Mandatory Two-Factor Authentication for Project Owners
The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. "Between now and the end of the year, PyPI will begin gating access to...
Increase balance for project without paying
Lines of code. Vulnerability details. Impact: It seems that project owners can directly call the recordAddedBalanceFor function at JBSingleTokenPaymentTerminalStore.sol L696 to increase their project balance without paying anything. Proof of Concept: 1. Observe the recordAddedBalanceFor function 2. There i...
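The pattern behind this finding is a store contract whose accounting mutator can be called by anyone, rather than only by the payment terminal that actually received the funds. The following is an added illustration, not Juicebox's code: contract and function names other than recordAddedBalanceFor, the ITerminalDirectory interface, and the isTerminalOf check are assumptions chosen to show an unprotected store beside one gated to a registered terminal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative only: names and layout are assumptions, not Juicebox's code.

interface ITerminalDirectory {
    // Returns true if `terminal` is registered as a payment terminal for `projectId`.
    function isTerminalOf(uint256 projectId, address terminal) external view returns (bool);
}

contract VulnerableStore {
    mapping(uint256 => uint256) public balanceOf;

    // BUG: any caller, including a project owner, can credit a balance that no
    // terminal ever received tokens for. Nothing ties the entry to a real payment.
    function recordAddedBalanceFor(uint256 projectId, uint256 amount) external {
        balanceOf[projectId] += amount;
    }
}

contract HardenedStore {
    mapping(uint256 => uint256) public balanceOf;
    ITerminalDirectory public immutable directory;

    error CallerNotTerminal(uint256 projectId, address caller);

    constructor(ITerminalDirectory d) {
        directory = d;
    }

    // Only a terminal registered for this project may record balance, because only
    // the terminal holds the tokens that back the accounting entry.
    modifier onlyTerminalOf(uint256 projectId) {
        if (!directory.isTerminalOf(projectId, msg.sender)) {
            revert CallerNotTerminal(projectId, msg.sender);
        }
        _;
    }

    function recordAddedBalanceFor(uint256 projectId, uint256 amount)
        external
        onlyTerminalOf(projectId)
    {
        balanceOf[projectId] += amount;
    }
}

// Minimal directory and terminal to exercise the check (assumed, for illustration).
contract SimpleDirectory is ITerminalDirectory {
    address public immutable admin = msg.sender;
    mapping(uint256 => mapping(address => bool)) private registered;

    // Registration must itself be privileged, otherwise an attacker registers
    // their own address as a "terminal" and the store check is meaningless.
    function register(uint256 projectId, address terminal) external {
        require(msg.sender == admin, "not admin");
        registered[projectId][terminal] = true;
    }

    function isTerminalOf(uint256 projectId, address terminal) external view returns (bool) {
        return registered[projectId][terminal];
    }
}

contract SimpleTerminal {
    HardenedStore public immutable store;

    constructor(HardenedStore s) {
        store = s;
    }

    // Accepts ETH and records exactly that amount; the store trusts this caller
    // only because the directory lists it for the project.
    function addToBalanceOf(uint256 projectId) external payable {
        store.recordAddedBalanceFor(projectId, msg.value);
    }
}
```

Calling HardenedStore.recordAddedBalanceFor directly from a project owner's EOA reverts with CallerNotTerminal, while the same call routed through a registered SimpleTerminal succeeds and credits only the ETH actually sent. The directory's register function is gated as well, since an open registry would let an attacker reintroduce the original issue one hop away.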
GHSA-53PJ-67M4-9W98 Rancher code injection via fluentd config commands
In Rancher 2 through 2.2.3, project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...
GitLab EE security vulnerability
GitLab is a self-hosted Git repository management application, developed in Ruby on Rails, from the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. A security vulnerability exists in GitLab EE version 13.11...
CVE-2019-12303
In Rancher 2 through 2.2.3, project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...
Design/Logic Flaw
In Rancher 2 through 2.2.3, project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...
CVE-2019-12303
In Rancher 2.x (up to 2.2.3), project owners can inject fluentd configuration to read files or execute arbitrary commands inside the fluentd container due to flawed fluentd config handling (CVE-2019-12303). The issue is evidenced by multiple sources in the connected documents showing code-injec...