18 matches found
CLEANSTART-2026-MM00120 Security fixes for CVE-2024-47535, CVE-2024-47561, CVE-2024-7254, CVE-2025-24970, CVE-2025-25193, CVE-2025-33042, CVE-2025-48924, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2026-41417, ghsa-3pxv-7cmr-fjr4, ghsa-445c-vh5m-36rj, ghsa-6hg6-v5c8-fphq, ghsa-72hv-8253-57qq, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 13.8-r0, 13.9-r0
Multiple security vulnerabilities affect the wavefront-proxy package. These issues are resolved in later releases. See references for individual vulnerability details...
EUVD-2026-15833
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through = 13.9...
EUVD-2021-9372
Malicious code in bioql PyPI...
CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...
GitLab 13.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22226)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 CVE-2021-22226 Note that Nessus has not tested for...
CVE-2024-24877
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9...
GitLab 10.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22197)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target...
XWiki 13.9-rc-1 < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.7 Information Disclosure Vulnerability (GHSA-vvp7-r422-rx83)
Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
GitLab 13.9 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Information Exposure Vulnerability
GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
PT-2022-16900 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 12.10.11 XWiki Platform versions prior to 13.4.4 XWiki Platform versions prior to 13.9-rc-1 Description: A guest user without the right to view pages of the wiki can still list documents by rendering some...
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...
CVE-2021-22226
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
Design/Logic Flaw
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
CVE-2021-22226
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
PT-2021-6693 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 and later Description: The issue allows certain users to push to protected branches that were restricted to deploy keys. This can be exploited by a remote attacker to access confidential data and compromise its...
UBUNTU-CVE-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
CVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...