
805 matches found

OSV
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.8 CVSS · 7 AI score
Exploits 0 · References 2

CVE
added 2025/03/20 10:11 a.m. · 47 views

CVE-2024-8613

CVE-2024-8613 affects gaizhenbiao/chuanhuchatgpt (version 20240802). The vulnerability arises from improper handling of session data and lack of access control, enabling an attacker to view, copy, and delete other users’ chat histories. Multiple sources (NVD, Red Hat, CNVD, OSV, CVE list) corrobo...

8.8 CVSS · 8 AI score · 0.00252 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2025/03/20 10:11 a.m. · 4 views

CVE-2024-8613 Improper Access Control in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.1 CVSS · 8 AI score · 0.00252 EPSS
Exploits 1 · References 2

CNNVD
added 2025/03/20 12:0 a.m. · 2 views

ChuanhuChatGPT Access Control Error Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An access control error vulnerability exists in ChuanhuChatGPT version 20240802, which stems from improper handling of session data and lack ...

8.8 CVSS · 7.8 AI score · 0.00252 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 15 views

Linux Distros Unpatched Vulnerability : CVE-2016-7125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote...

7.5 CVSS · 8 AI score · 0.00546 EPSS
Exploits 1 · References 2

CNVD
added 2025/02/26 12:0 a.m. · 7 views

Siemens Teamcenter Redirection Vulnerability

Teamcenter software is an adaptable, modern Product Lifecycle Management PLM system that connects people and processes across functional silos through digital threads to enable innovation. A redirection vulnerability exists in the Siemens Teamcenter SSO login service, which can be exploited by an...

7.4 CVSS · 6.6 AI score · 0.00412 EPSS
Exploits 0 · References 1

NVD
added 2025/02/11 11:15 a.m. · 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 0.00412 EPSS
Exploits 0 · References 1

CVE
added 2025/02/11 10:29 a.m. · 64 views

CVE-2025-23363

Summary (CVE-2025-23363): Siemens Teamcenter V14.x products disclose an open-redirect issue in the SSO login service. The SSO accepts user-controlled input that can specify an external URL, enabling an attacker to lure a legitimate user into clicking a crafted link that redirects to a malicious s...

7.4 CVSS · 7.3 AI score · 0.00412 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/02/11 10:29 a.m. · 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 0.00412 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/02/11 10:29 a.m. · 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 7.3 AI score · 0.00412 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:1 p.m. · 4 views

CVE-2024-25122

sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...

7.1 CVSS · 6.7 AI score · 0.00099 EPSS
Exploits 1 · References 1

OSV
added 2024/12/16 7:24 a.m. · 14 views

BIT-GITLAB-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

8.7 CVSS · 8.3 AI score · 0.00427 EPSS
Exploits 1 · References 3

NVD
added 2024/12/12 12:15 p.m. · 12 views

CVE-2024-11274

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

8.7 CVSS · 0.00427 EPSS
Exploits 1 · References 2

Vulnrichment
added 2024/12/12 12:2 p.m. · 12 views

CVE-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

8.7 CVSS · 6.8 AI score · 0.00427 EPSS
Exploits 1 · References 2

CVE
added 2024/12/12 12:2 p.m. · 306 views

CVE-2024-11274

CVE-2024-11274 affects GitLab CE/EE: all versions from 16.1 up to 17.4.6, from 17.5 up to 17.5.4, and from 17.6 up to 17.6.2. The vulnerability is the injection of Network Error Logging (NEL) headers in Kubernetes proxy responses, which could lead to session data exfiltration. The available conne...

8.7 CVSS · 8.5 AI score · 0.00427 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/12/12 12:2 p.m. · 24 views

CVE-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

8.7 CVSS · 0.00427 EPSS
Exploits 1 · References 2

Debian CVE
added 2024/12/12 12:2 p.m. · 8 views

CVE-2024-11274

Removed by vendor...

8.7 CVSS · 5.8 AI score · 0.00427 EPSS
Exploits 1

CNNVD
added 2024/12/12 12:0 a.m. · 2 views

GitLab Input Validation Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an input validation error vulnerability that stems from th...

8.7 CVSS · 6.9 AI score · 0.00427 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/12/11 12:0 a.m. · 4 views

PT-2024-9581 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: An issue was discovered in GitLab CE/EE where the injection of Network Error Logging NEL headers in the...

8.7 CVSS · 6.1 AI score · 0.00427 EPSS
Exploits 1 · References 24

BDU FSTEC
added 2024/12/06 12:0 a.m. · 1 view

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...

1.8 CVSS · 5.5 AI score · 0.0074 EPSS
Exploits 0 · References 5 · Affected Software 3