18 matches found
CVE-2025-1516
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...
Malicious code in democratic_bovid_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b59ebd75724ecbda8df623e82211d716b6357e3c4525896430e014e93630a39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-104853 Malicious code in kresna-empal65-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8e2e40e4d5e615e3b52d116eb7fa38c233012732c8569f1fa8de243e5b4b58c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-99438 Malicious code in andi-kue87-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f7a7a2015d5e720a64f2cba05497bb8ff926712a71629c606bc183a043609b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91430 Malicious code in ugly_chickadee_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 439c1d4d3d5a2b39a36d46e918fb8af158fd791f9d345ceb9fdd6157b95194e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
EUVD-2025-29016
Malicious code in bioql PyPI...
BIT-GITLAB-2025-10094 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large...
CVE-2025-10094 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large...
CVE-2025-10094
CVE-2025-10094 affects GitLab CE/EE, impacting all versions from 10.7 before 18.1.6; 18.2 before 18.2.6; and 18.3 before 18.3.2. The issue allows authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names, a root c...
PT-2025-37286
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that allows authenticated users to disrupt access to token listings and...
GitLab 10.7 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-10094)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to...
Linux Distros Unpatched Vulnerability : CVE-2025-1516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input...
CVE-2025-1516 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...
CVE-2025-1516
CVE-2025-1516 affects GitLab CE/EE and is caused by improper input validation in Tokens Names, which could trigger a denial of service. Affected versions are GitLab from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Multiple connected sources (Red Hat, Debian, Ubuntu, NVD, osv...
GitLab Access Control Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An access control error vulnerability exists in GitLab Community Edition, whic...
Insufficient input validation in initialize() in LendingPair.sol
Handle JMukesh Vulnerability details Impact function initialize address lpTokenMaster, address controller, IERC20 tokenA, IERC20 tokenB It lacks the input validation of tokenA and tokenB whether they are different or not, if it is same then we will have two lptoken with same address but different...