18 matches found
Security Bulletin: IBM SPSS Modeler is vulnerable to SSL private key exposure (CVE-2023-33842)
Summary: An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information. Vulnerability Details: CVEID: CVE-2023-33842. DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...
EUVD-2024-54876
Malicious code in bioql PyPI...
CVE-2025-6186
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...
UBUNTU-CVE-2025-6186
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...
GitLab Enterprise Edition and GitLab Community Edition cross-site scripting vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition and GitLab...
PT-2025-33056 · Unknown · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.2 through 18.2.1. Description: An issue allows authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions. Recommendations: Update to version 18.2.2 or...
GitLab Enterprise Edition security vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 18.0.6, prior to 18.1.4, and prior to 18.2.2, which stems from the possibility that a user with certain privileges may...
PT-2025-33058 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 18.0.6; GitLab EE versions prior to 18.1.4; GitLab EE versions prior to 18.2.2. Description: An issue exists in GitLab EE that allows authenticated users with specific access to bypass merge request approval policies ...
CVE-2020-14378 affecting package ceph for versions less than 18.2.2-1
CVE-2020-14378 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...
PT-2025-33049 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.6 through 18.0.5; GitLab CE/EE versions 18.1 through 18.1.3; GitLab CE/EE versions 18.2 through 18.2.1. Description: An issue exists in GitLab CE/EE that allows an authenticated user to cause a denial of service conditio...
CVE-2012-2677 affecting package ceph for versions less than 18.2.2-1
CVE-2012-2677 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
AZL-38359 CVE-2021-3672 affecting package ceph for versions less than 18.2.2-1
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
AZL-38527 CVE-2020-10724 affecting package ceph for versions less than 18.2.2-1
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
Visual Studio 2026 Security Update (18.2.2)
This security update applies to all editions of Visual Studio 2026, and will update client machines on the Stable channel to version 18.2.2. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update ...