Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab...
Denial of service
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after t...
Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32376)
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code...
Tecnick.com TCExam Path Traversal Vulnerability
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A path traversal vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by a remote attacker to read the contents of an arbitrary file ...
Tecnick.com TCExam Information Disclosure Vulnerability
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A security vulnerability exists in Tecnick.com TCExam version 14.2.2. A remote attacker could exploit the vulnerability to access the test's metadata...