CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

EUVD-2026-34974

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

Linux Distros Unpatched Vulnerability : CVE-2022-2303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15....

CVE-2023-52203

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5...

PT-2024-14469 · Cformsii · Cformsii

Name of the Vulnerable Software and Affected Versions: cformsII versions through 15.0.5 Description: The issue affects cformsII, allowing Stored XSS due to improper neutralization of input during web page generation. This is a Cross-site Scripting vulnerability. Recommendations: For versions...

CVE-2023-30540 Chat poll data can still be queried from API after purging history in Nextcloud talk

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...

CVE-2022-2499

GitLab EE Jira integration contains an insecure direct object reference vulnerability that may allow an attacker to leak Jira issues. Affected GitLab EE versions: 13.10–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. Root cause is an insecure direct object reference in the Jira integration. Remediation by ...

PT-2022-16742 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 15.0.5 GitLab EE versions 15.1 through 15.1.4 GitLab EE versions 15.2 through 15.2.1 Description: An issue has been discovered in GitLab EE where email invited members may be able to join a project even after the...

PT-2022-17026 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 15.0.5 GitLab EE versions 15.1 prior to 15.1.4 GitLab EE versions 15.2 prior to 15.2.1 Description: The issue is related to pipeline subscriptions in GitLab EE, where new pipelines are triggered with the person who...

PT-2022-17039 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.0.5 GitLab CE/EE versions 15.1 prior to 15.1.4 GitLab CE/EE versions 15.2 prior to 15.2.1 Description: A cross-site scripting issue has been discovered, allowing attackers to perform arbitrary actions on beha...

PT-2022-17043 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 15.0.5 GitLab EE versions 15.1 prior to 15.1.4 GitLab EE versions 15.2 prior to 15.2.1 Description: The issue is related to improper access control, allowing an attacker to bypass IP allow-listing and download...

PT-2022-17035 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.10 through 15.0.4 GitLab EE versions 15.1 through 15.1.3 GitLab EE versions 15.2 through 15.2.0 Description: An issue has been discovered in GitLab EE's Jira integration, which has an insecure direct object reference...

PT-2022-16520 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.0.5 GitLab CE/EE versions 15.1 prior to 15.1.4 GitLab CE/EE versions 15.2 prior to 15.2.1 Description: The issue is related to insufficient validation in GitLab, allowing an authenticated and authorized user ...

GitLab 12.5 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2531)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab...

GitLab 0.0 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2500)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows...

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in all versions of GitLab CE/EE prior to versio...

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability in GitLab CE/EE all versions prior to 15.0.5, all...