21 matches found
CVE-2025-67991
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS. This issue affects User Extra Fields: from n/a through <= 16.8...
CVE-2025-67991
CVE-2025-67991 affects the WordPress plugin User Extra Fields (wp-user-extra-fields) up to and including version 16.8. The issue is an Improper Neutralization of Input During Web Page Generation, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Exploitation details are not provided beyo...
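The entry above names the weakness class (CWE-79, reflected) but gives no exploitation details. The following Python is an added illustration of that class and of the check a tester would run against any reflected parameter; it is not code from the User Extra Fields plugin, and the handlers, the `name` parameter and the canary strings are constructed here for the example. The third handler shows the caveat that matters in practice: stripping angle brackets is not neutralization, because quotes still break out of an attribute context.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed canary: a unique marker followed by the HTML metacharacters an
# injection needs. If it comes back byte-for-byte, the value is reflected
# without neutralization.
CANARY = 'zq9k<"\'>'


def vulnerable_render(query_string: str) -> str:
    """Constructed handler: echoes the 'name' query parameter into HTML as-is."""
    name = parse_qs(query_string).get("name", [""])[0]
    return f"<p>Hello, {name}</p>"


def hardened_render(query_string: str) -> str:
    """Same handler with output encoding for the HTML text/attribute context."""
    name = parse_qs(query_string).get("name", [""])[0]
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def strip_tags_render(query_string: str) -> str:
    """Constructed 'sanitized' handler that only removes angle brackets.
    Still injectable inside the value="..." attribute via a double quote."""
    name = parse_qs(query_string).get("name", [""])[0]
    cleaned = name.replace("<", "").replace(">", "")
    return f'<input name="name" value="{cleaned}">'


def reflects_unneutralized(render, param: str, canary: str = CANARY) -> bool:
    """Send the canary in `param` and report whether it is reflected verbatim."""
    body = render(urlencode({param: canary}))
    return canary in body


def surviving_metachars(render, param: str, marker: str = "zq9k") -> dict:
    """Probe each metacharacter separately so partial filtering is visible.
    A True entry means that character is reflected unencoded after the marker."""
    survived = {}
    for ch in '<>"\'':
        body = render(urlencode({param: marker + ch}))
        survived[ch] = (marker + ch) in body
    return survived


if __name__ == "__main__":
    for handler in (vulnerable_render, hardened_render, strip_tags_render):
        print(handler.__name__,
              "reflected:", reflects_unneutralized(handler, "name"),
              "survivors:", surviving_metachars(handler, "name"))
```

Against a live target the `render` callable would be replaced by an HTTP GET of the page, with the response body searched the same way; the per-character probe is what tells you whether a filtered parameter is still exploitable in an attribute or script context.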
PT-2026-20947
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2026-1751 Missing Authorization in GitLab
A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...
EUVD-2026-5136
A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...
EUVD-2025-201955
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Extra Fields: from n/a through <= 16.8...
CVE-2025-67579 WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Extra Fields: from n/a through <= 16.8...
WordPress User Extra Fields plugin <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions <= 16.7...
EUVD-2024-17011
Malicious code in bioql PyPI...
PT-2025-35717
Name of the Vulnerable Software and Affected Versions: Malcure Malware Scanner versions n/a through 16.8 Description: A missing authorization flaw exists in Malcure Malware Scanner, allowing exploitation due to incorrectly configured access control security levels. Recommendations: At the moment,...
Linux Distros Unpatched Vulnerability : CVE-2024-1250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with...
Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition Security Vulnerability
Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are both an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A security vulnerability exists in Enalean Tuleap Community Edition prior to 16.9.99.17525856...
CVE-2024-1299
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with the custom role permission manage_group_access_tokens to rotate group access tokens with owner privileges...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2025:0635-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0635-1 advisory. Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded...
SUSE-SU-2025:0636-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093)...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
CVE-2024-8635
CVE-2024-8635 is a server-side request forgery (SSRF) in GitLab Enterprise Edition (EE). Affected: GitLab EE versions starting 16.8 up to but not including 17.1.7, 17.2 up to but not including 17.2.5, and 17.3 up to but not including 17.3.2. Root cause: abuse of a custom Maven Dependency Proxy UR...
CVE-2024-1299
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with the custom role permission manage_group_access_tokens to rotate group access tokens with owner privileges...
UBUNTU-CVE-2024-1299
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with the custom role permission manage_group_access_tokens to rotate group access tokens with owner privileges...
CVE-2023-4895
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...