15 matches found
CVE-2026-5262
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...
EUVD-2026-14913
Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect...
CVE-2019-11213
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. The endpoint would need to be already compromised for exploitation to succeed...
About the security content of macOS Tahoe 26.2
About the security content of macOS Tahoe 26.2 This document describes the security content of macOS Tahoe 26.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
EUVD-2018-13433
Malware in sbrugna...
EUVD-2015-5294
Malware in sbrugna...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
Linux Distros Unpatched Vulnerability : CVE-2024-3035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allow...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2024-12880
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
PT-2024-38518 · Phoenix Contact · Fl Mguard 2102 +46
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A low privileged remote attacker can get access to CSRF tokens of higher privileged users, which can be abused to mount CSRF attacks. Recommendations: A...
Ovarro TBox RTUs 授权问题漏洞
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. An authorization issue vulnerability exists in Ovarro TBox RTUs that stems from allowing a low-privileged user to access higher-privileged software security tokens, potentially allowing an attacker to...
PT-2022-23178 · Kubevela · Kubevela
Name of the Vulnerable Software and Affected Versions: KubeVela versions prior to 1.4.11 and 1.5.4 Description: KubeVela is an application delivery platform that could be affected by an authentication bypass issue. The VelaUX APIServer uses the PlatformID as the signed key to generate JWT tokens...
Tokens can be burned with no access control
Handle sirhashalot Vulnerability details Impact The Vault.sol contract has two address state variables, the keeper variable and the controller variable, which are both permitted to be the zero address. If both variables are zero simultaneously, any address can burn the available funds available...
UBUNTU-CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...