CVE-2024-8266 Execution with Unnecessary Privileges in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...

CVE-2024-8266 Execution with Unnecessary Privileges in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...

CVE-2024-8266

CVE-2024-8266 affects GitLab CE/EE, versions starting from 17.1 up to, but not including, 17.6.0. The issue allows an attacker with the maintainer role to trigger a pipeline as the project owner under certain circumstances, exposing potential high-privilege pipeline execution. The vulnerability i...

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...

PT-2025-6770 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 17.5 Description: An issue was discovered in GitLab CE/EE, which allows an attacker with a maintainer role to trigger a pipeline as the project owner under certain circumstances. Recommendations: For version...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in rtmpsrv.c, which takes a stream as input without validation of its playpath value. This allows an attacker to trigger a crash by convincing a user to open a malicious RTMP stream. Remediation There is no fixe...

CVE-2021-40407

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This...

CVE-2021-44361

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44390

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44405

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44399

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2020-6111

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

PT-2025-5349 · Unknown · Django-Unicorn

Name of the Vulnerable Software and Affected Versions: Django-Unicorn versions prior to 0.62.0 Description: The vulnerability arises from the core functionality set property value, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of the...

com.enflick.android.TextNow 安全漏洞

com.enflick.android.TextNow TextNow: Call + Text Unlimited is a mobile application from TextNow, Inc. A security vulnerability exists in com.enflick.android.TextNow version 24.17.0.2, which originates from allowing any installed application to send a crafted intent to make a phone call via a...

The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to improper blocking mechanisms. Exploiting this vulnerability can allow attackers to cause service failures...

Malicious code in trigger-gitlab-pipeline (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

PT-2025-5374 · Broadcom · Symantec Privileged Access Management

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP addres...

frozen 代码问题漏洞

frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...

D-Link DIR-816A2 form2PortriggerRule.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2PortriggerRule.cgi component, which can be exploited by an unauthenticated attacker to set a port trigger via a...