GitLab Enterprise Edition (EE) code injection vulnerability
GitLab Enterprise Edition (EE) is a content management system developed by the American company GitLab. Versions of GitLab Enterprise Edition prior to 18.8.9, 18.9.5, and 18.10.3 contained a code injection vulnerability. This vulnerability stemmed from authorization issues in the code quality repor...
CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task or edit an existing task can trick another logged-in user into visiting a maliciously constructed URL, they can initiate a...
Recognizing Q4 Top 5 Bounty Hunters
We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies...
Starbucks: Leaking sensitive files on GitHub leads to internal files (Python scripts, SQL files)
@samidrif discovered a source repository containing sensitive and internal development information including Starbucks code and documentation. @samidrif delivered a quality report detailing his find, suspected impact, and suggestions for remediation. The repository was removed and necessary...