Lucene search

24 matches found

EUVD
added 2026/04/22 6:31 p.m. | views: 1

EUVD-2025-209555

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4

CVE
added 2026/04/22 4:5 p.m. | views: 13

CVE-2025-6016

CVE-2025-6016 affects GitLab CE/EE: versions 9.2 through 18.9.5, 18.10 through 18.10.3, and 18.11 through 18.11.0. The issue allows an authenticated user to trigger a denial of service due to insufficient resource allocation limits when retrieving notes under certain conditions. The root cause is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2025/08/20 8:2 a.m. | views: 41

CVE-2025-55715

CVE-2025-55715 affects Themeisle Otter - Gutenberg Block (Plugins: Otter Blocks, Gutenberg Block) up to version 3.1.0. The root cause is the insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data from affected requests. This exposure is rated with CVSS 3....

CVSS 7.5 | AI score 5.9 | EPSS 0.00078
Exploits: 0 | References: 1

NVD
added 2025/08/12 7:15 a.m. | views: 1

CVE-2025-47444

Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiboSearch: from n/a through = 1.32.1...

CVSS 5.3 | EPSS 0.00063
Exploits: 0 | References: 1

Cvelist
added 2024/10/11 2:55 p.m. | views: 17

CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint

Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...

CVSS 9.3 | EPSS 0.00403
Exploits: 1 | References: 2

NVD
added 2024/10/02 5:15 a.m. | views: 7

CVE-2024-45186

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials...

CVSS 9.8 | EPSS 0.00162
Exploits: 0 | References: 1

NVD
added 2023/09/29 10:15 a.m. | views: 12

CVE-2023-5193

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

CVSS 4.9 | AI score 5.1 | EPSS 0.00169
Exploits: 0 | References: 1

CNNVD
added 2023/09/29 12:0 a.m. | views: 2

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the inability to properly check permissions when retrieving posts...

CVSS 4.9 | AI score 6.8 | EPSS 0.00169
Exploits: 0 | References: 2

Metasploit
added 2022/09/14 7:50 p.m. | views: 531

SuiteCRM authenticated SQL injection in export functionality

This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...

CVSS 9.1 | AI score 7.1 | EPSS 0.15281
Exploits: 2

OSV
added 2022/05/17 4:49 a.m. | views: 12

GHSA-W3PW-QXJJ-6PRR Plone Authenticated Denial of Service vulnerability

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."...

CVSS 5.9 | AI score 6.4 | EPSS 0.00564
Exploits: 0 | References: 7

OSV
added 2020/09/11 3:15 a.m. | views: 0

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...

CVSS 9.1 | AI score 7.3 | EPSS 0.00247
Exploits: 0 | References: 1

FreeBSD
added 2020/03/01 12:0 a.m. | views: 10

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.6: Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683); Use session for retrieving org teams (#11438) (#11439)...

AI score 2
Exploits: 0 | References: 1

Hacker One
added 2019/11/28 5:2 p.m. | views: 15

Mail.ru: SSRF on fleet.city-mobil.ru leads to local file read

SSRF/LFR vulnerability via image retrieving functionality of operator's cabinet of fleet.city-mobil.ru...

AI score 3.4
Exploits: 0

exploitpack
added 2019/01/31 12:0 a.m. | views: 33

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PFKEY due to Lack of Bounds Checking when Retrieving Statistics / Inspired by Ned Williamsons's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently...

AI score 0.9
Exploits: 0

Exploit DB
added 2019/01/31 12:0 a.m. | views: 51

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics

/ Inspired by Ned Williamsons's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently are: bufsize = ipsecsavcount + 1 sizeofsastatssav; KMALLOCWAITsastatssav, typeofsastatssav, bufsize; It the...

AI score 7.4
Exploits: 0

rdot
added 2014/09/06 12:0 a.m. | views: 582

Retrieving all tables and their columns at once MSSQL

In the Name of ALLAH the Most Beneficent and the Merciful Zenodermus, Ch3rn0by1 and Me was working on MSSQL.. when Zenodermus thought to make a DIOS for MSSQL.. previously at Code: http://websec.ca/kb/sqlinjection DIOS is under the heading Retrieving Multiple Tables and Columns Code: AND 1=0; BEGIN...

AI score 7.2
Exploits: 0

OSV
added 2014/03/11 7:37 p.m. | views: 27

PYSEC-2014-52

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."...

CVSS 4.3 | AI score 7 | EPSS 0.00564
Exploits: 0 | References: 4

Veeam
added 2012/02/20 12:0 a.m. | views: 11

Retrieving the COM class factory for component with CLSID {xxxxxxxx} failed due to the following error: 800700c1.

Creating or copying folders with Veeam FastSCP 3.0.3 fails with the error: Retrieving the COM class factory for component with CLSID {xxxxxxxx} failed due to the following error: 800700c1...

AI score 3.1
Exploits: 0

Exploit DB
added 2011/11/16 12:0 a.m. | views: 18

FleaHttpd - Remote Denial of Service

#!/usr/bin/python """ FleaHttpd Remote Denial Of Service Exploit by condis "FleaHttpd is a http daemon written from scratch in C. When working as a static file server, data show that under certain condition, fleahttpd's speed for static file retrieving can be three times faster than Apache2" proje...

AI score 7.4
Exploits: 0

rdot
added 2010/07/07 12:0 a.m. | views: 29

BVScanner [ADSL]

Black Vlastelin Scanner Please give a warm welcome to a multithreaded scanner for ADSL routers.. a scanner and a password stealer, all in one package... The scanner walks a range of IP addresses, knocks on each router with default passwords, pulls out the account records .. and neatly writes them down .. And as a matter of fact...

AI score 0.4
Exploits: 0