22 matches found

Patchstack
added 2026/04/29 10:12 p.m. · 3 views

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer vulnerability discovered by ? in WordPress Npm marked versions = 18.0.0, = 18.0.1...

CVSS 8.7 · AI score 5.8 · EPSS 0.00129
Exploits: 1 · References: 3 · Affected Software: 1

RedhatCVE
added 2026/01/07 9:54 a.m. · 17 views

CVE-2025-1110

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query...

CVSS 4.3 · AI score 6.4 · EPSS 0.0003
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-16138

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.3 · EPSS 0.00066
Exploits: 0 · References: 2

CNNVD
added 2025/06/12 12:0 a.m. · 1 view

GitLab Community Edition and GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 17.10.7, 17.11.3, an...

CVSS 7.5 · AI score 6.2 · EPSS 0.00486
Exploits: 0 · References: 3

CNNVD
added 2025/05/23 12:0 a.m. · 2 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 17.10.7, 17.11.3, an...

CVSS 7.5 · AI score 6.2 · EPSS 0.00053
Exploits: 0 · References: 3

OSV
added 2025/05/22 2:16 p.m. · 1 view

UBUNTU-CVE-2025-1110

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query...

CVSS 4.3 · AI score 5.7 · EPSS 0.0003
Exploits: 0 · References: 2

CVE
added 2025/05/22 1:30 p.m. · 57 views

CVE-2025-2853

GitLab CE/EE is affected by CVE-2025-2853 in all affected releases prior to 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The issue is due to insufficient input validation, allowing an authenticated user to trigger a denial-of-service condition (availability impact). Remediation per publ...

CVSS 6.5 · AI score 6.1 · EPSS 0.00463
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2025/05/22 12:0 a.m. · 2 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

CVSS 4.3 · AI score 6.4 · EPSS 0.0003
Exploits: 0 · References: 3

CNNVD
added 2025/01/13 12:0 a.m. · 2 views

Venki Supravizio BPM Security Vulnerability

Venki Supravizio BPM is a process management solution from Venki Brazil. A security vulnerability exists in Venki Supravizio BPM version 18.0.1 and prior versions, which stems from a contained arbitrary file upload vulnerability. An authenticated attacker could upload malicious files, which could...

CVSS 9.9 · AI score 7.9 · EPSS 0.05991
Exploits: 0 · References: 3

OSV
added 2024/10/04 12:15 a.m. · 2 views

CVE-2024-44204

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver...

CVSS 5.5 · AI score 5.7 · EPSS 0.01959
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/03 12:0 a.m. · 5 views

PT-2024-31037 · Apple · Ipados +3

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.0.1 iPadOS versions prior to 18.0.1 Description: A logic issue was addressed with improved validation, allowing a user's saved passwords to be read aloud by VoiceOver. This issue is related to the VoiceOver feature in...

CVSS 5.5 · AI score 6 · EPSS 0.01959
Exploits: 0 · References: 49

CNVD
added 2024/04/19 12:0 a.m. · 8 views

Totara LMS Cross-Site Scripting Vulnerability

Totara LMS is a learning management system from Totara. A cross-site scripting vulnerability exists in Totara LMS version 18.0.1 Build 20231128.01, which stems from the fact that admin/roles/check.php in the component Profile Handler contains some unknown functions that lead to cross-site scripti...

CVSS 5.4 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 1

CNNVD
added 2024/04/17 12:0 a.m. · 1 view

Totara LMS Cross-Site Request Forgery Vulnerability

Totara LMS is a Learning Management System from Totara Corporation. A cross-site request forgery vulnerability exists in Totara LMS version 18.0.1 Build 20231128.01, which stems from the presence of an unknown part of the system that could lead to cross-site request forgery...

CVSS 3.1 · AI score 4.3 · EPSS 0.00064
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 view

SUSE CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVSS 6.5 · AI score 6.4 · EPSS 0.00317
Exploits: 0 · References: 3

Cvelist
added 2022/06/15 6:35 p.m. · 11 views

CVE-2016-6555 OpenNMS Stored XSS via SNMP Trap Alerts

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 7.1 · AI score 6.6 · EPSS 0.00311
Exploits: 1 · References: 2

NVD
added 2021/09/24 9:15 p.m. · 8 views

CVE-2016-6555

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 7.1 · EPSS 0.00311
Exploits: 1 · References: 2

OSV
added 2021/09/24 9:15 p.m. · 14 views

CVE-2016-6555

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 6.1 · AI score 5.9 · EPSS 0.00311
Exploits: 2 · References: 2

NVD
added 2021/09/24 9:15 p.m. · 9 views

CVE-2016-6556

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This...

CVSS 7.1 · EPSS 0.00311
Exploits: 2 · References: 2

Prion
added 2021/09/24 9:15 p.m. · 10 views

Cross site scripting

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This...

CVSS 4.3 · AI score 5.9 · EPSS 0.00311
Exploits: 2 · References: 2 · Affected Software: 1

Prion
added 2021/09/24 9:15 p.m. · 9 views

Cross site scripting

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 4.3 · AI score 5.8 · EPSS 0.00311
Exploits: 2 · References: 2 · Affected Software: 1