CVE-2026-44125

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

CVE-2026-44127

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...

PT-2026-38958

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.4 Description The new GINA UI fails to enforce authorization checks for multiple endpoints. This allows unauthenticated remote attackers to access functionality that should require a valid...

EUVD-2022-34509

Malicious code in bioql PyPI...

CVE-2023-25449

Cross-Site Request Forgery CSRF vulnerability in Oliver Seidel, Bastian Germann cformsII plugin = 15.0.4 versions...

CVE-2024-41667

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

OpenAM FreeMarker template injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

GHSA-7726-43HG-M23V OpenAM FreeMarker template injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

CVE-2024-41667 OpenAM FreeMarker template injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

GitLab 13.7.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Improper Access Control Vulnerability

GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 9.3.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Information Exposure Vulnerability

GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 12.6.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Information Exposure Vulnerability

GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 15.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Improper Access Control Vulnerability

GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Access Control Vulnerability

GitLab is prone to a access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

GitLab 14.8.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Authorization Bypass Vulnerability

GitLab is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 8.13.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Improper Authorization Vulnerability

GitLab is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 14.0.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Command Injection Vulnerability

GitLab is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 14.0 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2185)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to impo...

UBUNTU-CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...