24 matches found

Positive Technologies
added 2026/01/20 12:0 a.m. | 2 views

PT-2026-3720

Name of the Vulnerable Software and Affected Versions: Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0 through 14.8.0.1.0. Description: A security issue exists within the Security Management System component of the Oracle FLEXCUBE Investor Servicing product. A low-privileged attacker with...

CVSS 8.1 | AI score 7.4 | EPSS 0.0012 | Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 9:12 a.m. | 2 views

CVE-2022-0371

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...

CVSS 4.3 | AI score 6.7 | EPSS 0.00282 | Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-28460

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 8.6 | EPSS 0.00162 | Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:39 a.m. | 1 views

CVE-2024-51794

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sellerthemes Storely storely allows Stored XSS. This issue affects Storely: from n/a through <= 14.7...

CVSS 6.5 | AI score 7.2 | EPSS 0.00197 | Exploits: 0 | References: 1

Patchstack
added 2024/11/08 12:0 a.m. | 5 views

WordPress Storely Theme <= 14.7 is vulnerable to Cross Site Scripting (XSS)

Software: Storely; Type: Theme; Vulnerable versions: <= 14.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51794; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 445ba07ef882; Credits: stealthcopter; Required privilege: Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00197 | Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/05/17 12:0 a.m. | 3 views

WordPress plugin VS Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. A...

CVSS 5.3 | AI score 8 | EPSS 0.00162 | Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/02 12:0 a.m. | 32 views

GitLab 12.7 < 14.5.4 / 14.6 < 14.6.4 / 14.7 < 14.7.1 (CVE-2022-0390)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the...

CVSS 4.3 | AI score 5.2 | EPSS 0.00263 | Exploits: 1 | References: 4

Vulnrichment
added 2023/11/06 5:30 p.m. | 15 views

CVE-2023-4700 Missing Authorization in GitLab

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...

CVSS 3.5 | AI score 4.9 | EPSS 0.00006 | Exploits: 0 | References: 2

OpenVAS
added 2023/04/26 12:0 a.m. | 14 views

XWiki 13.10.10 < 13.10.11, 14.x < 14.4.7, 14.7.x < 14.10 XSS Vulnerability (GHSA-hmm7-6ph9-8jf2)

XWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 8.9 | AI score 5.2 | EPSS 0.04439 | Exploits: 0 | References: 1

OpenVAS
added 2023/04/26 12:0 a.m. | 14 views

XWiki 13.9-rc-1 < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.7 Information Disclosure Vulnerability (GHSA-vvp7-r422-rx83)

XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 5.3 | AI score 6.1 | EPSS 0.00104 | Exploits: 1 | References: 1

OpenVAS
added 2023/03/06 12:0 a.m. | 15 views

XWiki 3.2-m3 < 13.10.9, 14.x < 14.4.4, 14.5.x < 14.7 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (GHSA-5cf8-vrr8-8hjm)

XWiki is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 | AI score 7.2 | EPSS 0.00297 | Exploits: 1 | References: 3

OpenVAS
added 2023/03/06 12:0 a.m. | 16 views

XWiki 3.1-milestone-1 < 13.10.9, 14.x < 14.4.4, 14.5.x < 14.7 Privilege Escalation Vulnerability (GHSA-8cw6-4r32-6r3h)

XWiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

CVSS 9.9 | AI score 7.3 | EPSS 0.04897 | Exploits: 1 | References: 4

ALT Linux
added 2023/02/20 12:0 a.m. | 26 views

Security fix for the ALT Linux 10 package postgresql14 version 14.7-alt1

14.7-alt1 built Feb. 20, 2023 Alexei Takaseev in task 314938 Feb. 8, 2023 Alexei Takaseev - 14.7 Fixes CVE-2022-41862 - Conflicts: 14-1C - 15-1C...

AI score 4.8 | EPSS 0.0032 | Exploits: 0

OSV
added 2022/05/02 12:15 a.m. | 1 views

CVE-2021-31673

A DOM-based cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.02705 | Exploits: 4 | References: 3

Tenable Nessus
added 2022/04/18 12:0 a.m. | 128 views

GitLab 14.7 < 14.7.7 / 14.8 < 14.8.5 / 14.9 < 14.9.2 (CVE-2022-1162)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2...

CVSS 9.8 | AI score 8.6 | EPSS 0.87606 | Exploits: 3 | References: 3

OpenVAS
added 2022/04/11 12:0 a.m. | 21 views

GitLab 10.x < 14.5.4, 14.6.x < 14.6.4, 14.7.x < 14.7.1 Information Disclosure Vulnerability

GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 4.3 | AI score 4.7 | EPSS 0.00304 | Exploits: 1 | References: 1

OpenVAS
added 2022/04/11 12:0 a.m. | 16 views

GitLab 12.4.x < 14.5.4, 14.6.x < 14.6.4, 14.7.x < 14.7.1 Improper Access Control Vulnerability

GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 4.3 | AI score 4.8 | EPSS 0.00274 | Exploits: 1 | References: 2

OpenVAS
added 2022/04/05 12:0 a.m. | 20 views

GitLab 14.7.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Hardcoded Password Vulnerability

GitLab is prone to a hardcoded password vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 9.8 | AI score 9.6 | EPSS 0.87606 | Exploits: 3 | References: 1

Prion
added 2022/04/04 8:15 p.m. | 21 views

Hardcoded credentials

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS 7.5 | AI score 9.3 | EPSS 0.87606 | Exploits: 3 | References: 3 | Affected Software: 1

UbuntuCve
added 2022/03/28 7:15 p.m. | 28 views

CVE-2022-0371

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...

CVSS 4.3 | AI score 5.8 | EPSS 0.00282 | Exploits: 0 | References: 3