10 matches found
EUVD-2021-26286
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39930
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a...
CVE-2021-39930
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates...
CVE-2024-12140 Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it...
PT-2024-18266 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.0.1. Description: The issue allows removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform...
Linking for Confluence Cross-Site Scripting Vulnerability
Linking for Confluence is enabling one-click linking to access Confluence templates, aggregate resources, and create structured content. A security vulnerability exists in Linking for Confluence version 5.5.7, which can be exploited by an attacker to remotely launch a cross-site scripting attack...
GHSA-94Q8-GX29-6MQV Magento Injection vulnerability via email templates
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database...
GHSA-45GJ-78HC-4MVC Magento SQL injection via marketing account with access to email templates variables
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables...
Foreman Access Control Error Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman Ansible where an authenticated attacker with specific...
PT-2021-22769 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.4 through 14.3.6; GitLab EE versions 14.4.0 through 14.4.4; GitLab EE versions 14.5.0 through 14.5.2. Description: The issue concerns missing authorization, allowing an attacker to access a user's custom project and group...