Lucene search
+L

19 matches found

CVE
CVE
added yesterday9 views

CVE-2026-16122

Nextlevelbuilder GoClaw up to 3.13.2 is affected by CVE-2026-16122. The vulnerability is in extractBin/RequestApproval/matchesAllowlist of internal/tools/exec_approval.go and allows manipulation that results in incorrect authorization. The exploit has been released publicly and may be used for at...

4.8CVSS4.8AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.10 views

CVE-2019-11546

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge...

5.3CVSS6.4AI score0.00644EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/25 5:31 a.m.7 views

CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...

8.8CVSS5.3AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/25 5:31 a.m.17 views

CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...

8.8CVSS0.00186EPSS
Exploits0References3
CVE
CVE
added 2025/10/25 5:31 a.m.27 views

CVE-2025-12095

CVE-2025-12095 concerns the WordPress plugin Simple Registration for WooCommerce (up to version 1.5.8). The root cause is missing nonce validation on the role-requests admin page handler in includes/display-role-admin.php, enabling CSRF that can privilege-escalate via forged requests if an admin ...

8.8CVSS5.3AI score0.00186EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-26265

Malware in sbrugna...

5.3CVSS5.3AI score0.00594EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3217

Malware in sbrugna...

5.3CVSS5.3AI score0.00644EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-44207

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54656

Malicious code in bioql PyPI...

7.6CVSS6.4AI score0.0051EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/08/13 12:0 a.m.7 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...

8.7CVSS6.9AI score0.00453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 p.m.4 views

CVE-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...

5.3CVSS6.1AI score0.00594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:42 a.m.7 views

CVE-2019-5474

An authorization issue was discovered in GitLab EE 12.1.2, 12.0.4, and 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions...

6.5CVSS6.4AI score0.01081EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/04 6:49 p.m.17 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

5.3CVSS0.00308EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/04 6:49 p.m.6 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

5.3CVSS6.4AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2024/09/25 2:15 p.m.3 views

CVE-2024-6512

Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.2.10 and earlier, which stems from an authorization bypass vulnerability in the PAM...

6.5CVSS6.8AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/13 12:0 a.m.4 views

PT-2021-22783 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: The issue is related to improper access control in the GitLab CE/EE API. This allows an author of a Merg...

4CVSS3.2AI score0.00908EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.8 views

PT-2021-22755 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 14.2.6 GitLab EE versions 14.3 through 14.3.4 GitLab EE versions 14.4 through 14.4.1 Description: The issue is related to a lack of email address ownership verification in the CODEOWNERS feature. This allows an...

5.3CVSS5AI score0.00594EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.14 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)

Gitlab reports : GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...

6AI score
Exploits0References2
Rows per page
Query Builder