19 matches found
CVE-2026-16122
Nextlevelbuilder GoClaw up to 3.13.2 is affected by CVE-2026-16122. The vulnerability is in extractBin/RequestApproval/matchesAllowlist of internal/tools/exec_approval.go and allows manipulation that results in incorrect authorization. The exploit has been released publicly and may be used for at...
CVE-2019-11546
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge...
CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval
The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...
CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval
The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...
CVE-2025-12095
CVE-2025-12095 concerns the WordPress plugin Simple Registration for WooCommerce (up to version 1.5.8). The root cause is missing nonce validation on the role-requests admin page handler in includes/display-role-admin.php, enabling CSRF that can privilege-escalate via forged requests if an admin ...
EUVD-2021-26265
Malware in sbrugna...
EUVD-2019-3217
Malware in sbrugna...
EUVD-2024-44207
Malicious code in bioql PyPI...
EUVD-2023-54656
Malicious code in bioql PyPI...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...
CVE-2019-5474
An authorization issue was discovered in GitLab EE 12.1.2, 12.0.4, and 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions...
CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...
CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...
CVE-2024-6512
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.2.10 and earlier, which stems from an authorization bypass vulnerability in the PAM...
PT-2021-22783 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: The issue is related to improper access control in the GitLab CE/EE API. This allows an author of a Merg...
PT-2021-22755 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 14.2.6 GitLab EE versions 14.3 through 14.3.4 GitLab EE versions 14.4 through 14.4.1 Description: The issue is related to a lack of email address ownership verification in the CODEOWNERS feature. This allows an...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports : GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...