Lucene search

27 matches found

EUVD, added 2026/05/14 5:36 a.m.

EUVD-2026-30225

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

CVSS 4.3 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 3
Positive Technologies, added 2026/02/19 12:00 a.m.

PT-2026-20947

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...

CVSS 7.5 | AI score 5.6 | EPSS 0.00014
Exploits 1 | References 2
EUVD, added 2025/10/31 6:42 a.m.

EUVD-2025-37305

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 | AI score 6.8 | EPSS 0.00702
Exploits 0 | References 3
Patchstack, added 2025/10/31 3:16 a.m.

WordPress User Extra Fields plugin <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability

Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions <= 16.7...

CVSS 8.8 | AI score 6.8 | EPSS 0.00702
Exploits 0 | References 1 | Affected software 1
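The weakness class in the two User Extra Fields entries above is a file-delete routine that trusts a user-supplied path. The following is an added illustration written for this listing, in Python rather than PHP; it is not the plugin's save_fields code and does not reproduce its logic. The upload root, the file names and the traversal input are constructed for the demonstration.

```python
"""Added example: confining a file-delete path to an upload directory.

Illustrative code written for this listing, not the User Extra Fields plugin's
own save_fields implementation. The upload root, file names and attacker input
below are constructed for the demonstration.
"""
import os
import tempfile


def delete_unvalidated(upload_root: str, user_supplied: str) -> str:
    """The weak pattern: join and delete with no containment check.

    Returns the path that would be unlinked by a naive delete routine.
    A '../' segment in user_supplied walks straight out of upload_root.
    """
    return os.path.normpath(os.path.join(upload_root, user_supplied))


def resolve_within(upload_root: str, user_supplied: str) -> str:
    """Hardened resolution: the final real path must stay inside upload_root.

    Rejects traversal ('../'), absolute paths and symlinks pointing outside
    the root. Raises ValueError on any violation.
    """
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, user_supplied))
    # commonpath catches the 'uploads2/' prefix trick that startswith() misses
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes upload root: {user_supplied!r}")
    if candidate == root:
        raise ValueError("refusing to operate on the upload root itself")
    return candidate


def safe_delete(upload_root: str, user_supplied: str) -> str:
    """Delete only after containment is proven; returns the deleted path."""
    target = resolve_within(upload_root, user_supplied)
    os.unlink(target)
    return target


def demo() -> dict:
    """Builds a throwaway tree and exercises both patterns on constructed input."""
    base = tempfile.mkdtemp()
    uploads = os.path.join(base, "uploads")
    os.makedirs(uploads)
    victim = os.path.join(base, "wp-config.php")   # lives outside the upload root
    upload = os.path.join(uploads, "avatar.png")   # a legitimate upload
    for path in (victim, upload):
        with open(path, "w") as fh:
            fh.write("x")

    results = {}
    # The weak resolution happily targets the file outside the upload root.
    results["weak_target"] = delete_unvalidated(uploads, "../wp-config.php")
    results["weak_escapes"] = results["weak_target"] == os.path.normpath(victim)

    # The hardened resolution rejects the same input ...
    try:
        resolve_within(uploads, "../wp-config.php")
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True

    # ... and still allows a legitimate delete inside the root.
    results["deleted"] = safe_delete(uploads, "avatar.png")
    results["upload_gone"] = not os.path.exists(upload)
    results["victim_intact"] = os.path.exists(victim)
    return results
```

The containment test is done on the resolved real path, not on the string the user sent: stripping `../` from input is not enough, because encoded separators and symlinks can reintroduce the escape after the check.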
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-12136

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00109
Exploits 0 | References 3
OSV, added 2024/09/18 7:17 a.m.

BIT-GITLAB-2024-6685 Authorization Bypass Through User-Controlled Key in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...

CVSS 4.3 | AI score 4 | EPSS 0.0004
Exploits 0 | References 3
Tenable Nessus, added 2024/09/16 12:00 a.m.

GitLab 16.7 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-6685)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to...

CVSS 4.3 | AI score 5.5 | EPSS 0.0004
Exploits 0 | References 4
OSV, added 2024/08/08 10:15 a.m.

UBUNTU-CVE-2024-4784

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

CVSS 5.4 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 4
OSV, added 2024/07/25 12:30 a.m.

CVE-2024-7057 Improper Access Control in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 | AI score 5.9 | EPSS 0.00248
Exploits 0 | References 5
CVE, added 2024/06/26 11:31 p.m.

CVE-2024-3959

CVE-2024-3959 affects GitLab CE/EE: all versions from 16.7 before 16.11.5, 17.0 before 17.0.3, and 17.1 before 17.1.1. Issue: improper authorization that allows private job artifacts to be accessed by any user. Impact: exposure of private artifacts; no integrity/availability impact stated beyond acc...

CVSS 6.5 | AI score 6.3 | EPSS 0.00043
Exploits 0 | References 2 | Affected software 1
CVE, added 2024/04/25 1:30 p.m.

CVE-2024-4006

CVE-2024-4006 affects GitLab CE/EE: personal access scopes were not honored by GraphQL subscriptions, so the scope-based authorization check could be bypassed through GraphQL subscription access. Affected versions are 16.7 before 16.9.6, 16.10 before 16.10.4, and 16.11 before 16.11.1. The issue ha...

CVSS 4.3 | AI score 6.2 | EPSS 0.00078
Exploits 1 | References 1 | Affected software 1
OSV, added 2024/04/16 7:19 a.m.

BIT-GITLAB-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 | AI score 6.5 | EPSS 0.00686
Exploits 1 | References 3
CNNVD, added 2024/04/12 12:00 a.m.

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploiting the...

CVSS 8.7 | AI score 6.8 | EPSS 0.00686
Exploits 1 | References 4
NVD, added 2023/10/10 2:15 a.m.

CVE-2023-40310

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...

CVSS 7.5 | AI score 6.7 | EPSS 0.00404
Exploits 0 | References 2
CVE, added 2023/10/10 1:35 a.m.

CVE-2023-40310

SAP PowerDesigner Client 16.7 is affected by an input validation weakness in BPMN2 XML imports from untrusted sources. The vulnerability allows URLs of external entities in the BPMN2 file to be accessed during import, potentially impacting availability. Root cause: insufficient validation of BPMN...

CVSS 7.5 | AI score 6.7 | EPSS 0.00404
Exploits 0 | References 2 | Affected software 1
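Both CVE-2023-40310 entries above describe the same mechanism: an XML importer that lets a document declare external entities, so the parser contacts their URLs even when nothing ever expands the entity. The following added example, written for this listing in Python and not SAP PowerDesigner's own importer, shows the usual fix: refuse any DOCTYPE or entity declaration at the lexical level before the document reaches the real parser. The two BPMN2 documents are constructed for the demonstration; the namespace is the published BPMN 2.0 model namespace.

```python
"""Added example: rejecting DTD and entity declarations before an XML import.

Illustrative code written for this listing, not SAP PowerDesigner's BPMN2
importer. Both BPMN2 documents below are constructed for the demonstration.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

BPMN_NS = "http://www.omg.org/spec/BPMN/20100524/MODEL"  # BPMN 2.0 model namespace

# Constructed benign model: two processes, no DTD.
BENIGN_BPMN = b"""<?xml version="1.0" encoding="UTF-8"?>
<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL" id="defs1">
  <process id="order" name="Order handling"/>
  <process id="ship" name="Shipping"/>
</definitions>
"""

# Constructed hostile model: an external entity whose URL a permissive parser
# would fetch during import even though nothing in the body expands it.
XXE_BPMN = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE definitions [
  <!ENTITY probe SYSTEM "http://attacker.invalid/ping">
]>
<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL" id="defs1">
  <process id="order" name="Order handling"/>
</definitions>
"""


class UnsafeXML(ValueError):
    """Raised when a document carries a DOCTYPE or entity declaration."""


def reject_dtd(data: bytes) -> None:
    """Fail closed on any DOCTYPE or entity declaration.

    The check runs on expat's lexical callbacks, so it fires before any
    entity could be resolved; an exception raised in a handler aborts Parse().
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE not allowed (root element {name!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed ({name!r} -> {sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)


def import_bpmn(data: bytes) -> list:
    """Validate first, then parse; returns the ids of the processes found."""
    reject_dtd(data)
    root = ET.fromstring(data)
    return [p.get("id") for p in root.iter(f"{{{BPMN_NS}}}process")]


def is_accepted(data: bytes) -> bool:
    """True if the importer accepts the document, False if it is rejected."""
    try:
        import_bpmn(data)
        return True
    except UnsafeXML:
        return False
```

Rejecting the DTD outright is the simplest policy for a model-exchange format such as BPMN2, which needs no entity declarations; it sidesteps every variant of the problem (external general entities, parameter entities, external DTD subsets) rather than toggling individual parser features whose defaults differ between XML libraries.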
NVD, added 2023/08/08 1:15 a.m.

CVE-2023-37483

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy...

CVSS 9.8 | AI score 9.7 | EPSS 0.00727
Exploits 0 | References 2
NVD, added 2023/08/08 1:15 a.m.

CVE-2023-37484

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

CVSS 5.3 | AI score 5.3 | EPSS 0.00228
Exploits 0 | References 2
Prion, added 2023/08/08 1:15 a.m.

Default credentials

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

CVSS 5 | AI score 5.4 | EPSS 0.00228
Exploits 0 | References 2 | Affected software 1
CVE, added 2023/08/08 12:40 a.m.

CVE-2023-37484

SAP PowerDesigner 16.7 is affected by an information disclosure vulnerability where the login flow queries all password hashes in the backend database and compares them against the user-provided password, potentially enabling an attacker to access password hashes from client memory. The root caus...

CVSS 5.3 | AI score 5.3 | EPSS 0.00228
Exploits 0 | References 2 | Affected software 1
Cvelist, added 2023/08/08 12:40 a.m.

CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

CVSS 5.3 | AI score 5.7 | EPSS 0.00228
Exploits 0 | References 2
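The four CVE-2023-37484 entries above (NVD, Prion, CVE and Cvelist) all describe one design flaw: the login flow pulls every stored password hash to the client and does the comparison there, so every user's verifier passes through client memory on each login. The following added example, written for this listing in Python with an in-memory SQLite table and not PowerDesigner's own login code, puts the weak query beside the one that fetches only the named user's verifier. The schema, accounts and passwords are constructed for the demonstration.

```python
"""Added example: the two login-query patterns behind CVE-2023-37484.

Illustrative code written for this listing, not SAP PowerDesigner's login
code. Schema, accounts and passwords below are constructed for the demo.
"""
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 50_000  # PBKDF2 work factor, kept modest so the demo runs quickly


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 verifier for a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_db() -> sqlite3.Connection:
    """In-memory user table holding three constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, pw in (("alice", "correct horse"), ("bob", "hunter2"), ("carol", "Tr0ub4dor&3")):
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(pw, salt)))
    conn.commit()
    return conn


def login_fetch_all(conn: sqlite3.Connection, name: str, password: str):
    """Weak pattern: pull every credential row and compare on the client.

    Returns (authenticated, rows_seen). rows_seen is how many users' verifiers
    transited to the client and sat in its memory for this single login.
    """
    rows = conn.execute("SELECT name, salt, hash FROM users").fetchall()
    ok = any(
        n == name and hmac.compare_digest(derive(password, s), h)
        for n, s, h in rows
    )
    return ok, len(rows)


def login_fetch_one(conn: sqlite3.Connection, name: str, password: str):
    """Hardened pattern: fetch only the named user's verifier.

    The comparison is constant-time, and an unknown user name costs the same
    derivation work so it cannot be distinguished by timing.
    """
    row = conn.execute(
        "SELECT salt, hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # burn equivalent work, then fail
        return False, 0
    salt, stored = row
    return hmac.compare_digest(derive(password, salt), stored), 1
```

Fetching a single row is the minimum fix; the stronger design moves verification server-side entirely (a stored procedure or an authentication service), so that no verifier, not even the caller's own, ever reaches the client.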