
11 matches found

Cvelist
added 2025/08/13 5:27 p.m. | 5 views

CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

CVSS 6.5 | EPSS 0.00097
Exploits: 0 | References: 2
Tenable Nessus
added 2024/06/21 12:0 a.m. | 44 views

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. - A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

CVSS 4.9 | AI score 5.4 | EPSS 0.05385
Exploits: 1 | References: 2
Prion
added 2023/08/02 12:15 a.m. | 16 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...

CVSS 5 | AI score 7.2 | EPSS 0.04708
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2021/07/02 12:0 a.m. | 42 views

Atlassian Jira 8.14.x < 8.16.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x 8.13.6 or 8.14.x 8.16.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability in the EditWorkflowScheme.jspa...

CVSS 6.1 | AI score 5.9 | EPSS 0.00571
Exploits: 4 | References: 4
Tenable Nessus
added 2021/07/02 12:0 a.m. | 18 views

Atlassian Jira 8.14.x < 8.15.1 Information Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.5 or 8.14.x 8.15.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote anonymous attackers to obtain gadget related settings. Note th...

CVSS 5.3 | AI score 5.6 | EPSS 0.62663
Exploits: 1 | References: 2
Tenable Nessus
added 2021/04/01 12:0 a.m. | 51 views

Atlassian Jira < 8.13.3 / 8.14.x < 8.14.1 Broken Authentication (JRASERVER-72029)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a broken authentication vulnerability in the makeRequest gadget resource. An unauthenticated, remote attacker can exploit this issue to evade behind-the-firewall protection...

CVSS 7.2 | AI score 7.1 | EPSS 0.00381
Exploits: 0 | References: 2
Prion
added 2020/01/28 3:15 a.m. | 19 views

Information disclosure

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID...

CVSS 4 | AI score 4.2 | EPSS 0.00476
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2020/01/03 4:15 p.m. | 19 views

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

CVSS 5.4 | AI score 6.1 | EPSS 0.00161
Exploits: 0 | References: 2
CNVD
added 2019/09/03 12:0 a.m. | 1 views

GitLab code issue vulnerability (CNVD-2019-30740)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab Enterprise an...

CVSS 7.5 | AI score 7 | EPSS 0.00241
Exploits: 0 | References: 1
CNVD
added 2019/07/17 12:0 a.m. | 2 views

Oracle Hospitality Applications Hospitality Suite8 Component Information Disclosure Vulnerability

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle. The product provides human resources cost management, provide customers throughout the journey to track the management of services to improve customer...

CVSS 6.5 | AI score 6.9 | EPSS 0.00319
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

IMail IMAP4D Delete Overflow

No description provided by source. $Id: imaildelete.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score 7.1
Exploits: 0