TYPO3 CMS Allows Broken Access Control in Redirects Module
Problem: Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record, without restriction to the user's own file mounts or web mounts. This allowed attackers to insert or alter redirects pointing to...
CVE-2024-35224
CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...
GitLab < 13.11.6 (CVE-2021-22228)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...
Adobe Bridge Multiple Vulnerabilities (APSB24-15) - Windows
The Adobe Bridge device is missing a security update announced via the apsb24-15 advisory. ...
BIT-GITLAB-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
PT-2024-19972 · Symantec · Symantec Data Loss Prevention
Name of the Vulnerable Software and Affected Versions: Symantec Data Loss Prevention versions 14.0.2 and earlier Description: A buffer overflow issue exists, allowing a remote, unauthenticated attacker to exploit it by enticing a user to open a crafted document, which can lead to code execution...
GitLab 11.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22223)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Client-side code injection through the feature flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to issue PUT requests on behalf of other users when they click on a link...
DigiExam Security Vulnerability
DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...
CVE-2021-22246
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...
CVE-2021-22224
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...
CVE-2021-22224
Removed by vendor...
Improper access control
An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
Design/Logic Flaw
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
PT-2021-6697 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE versions prior to 13.11.6; GitLab CE versions prior to 13.12.6; GitLab CE versions prior to 14.0.2. Description: The issue is related to insufficient neutralization of special elements in a request, allowing a remote attacker to impact...
Brocade Network Advisor Directory Traversal Vulnerability (CNVD-2017-00700)
Brocade Network Advisor is a set of management tools covering the entire network lifecycle, from Brocade Communications Systems (Brocade). A directory traversal vulnerability exists in the FileReceiveServlet in Brocade Network Advisor 14.0.2 and earlier versions. A remote attacker could exploit this...