4565 matches found
UBUNTU-CVE-2024-8266
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...
CVE-2024-7102
Removed by vendor...
PT-2025-7182 · Milliard · Line-Up-Exactly
Name of the Vulnerable Software and Affected Versions: Related Posts Line-up-Exactly by Milliard versions 0.0.0 through 0.0.22. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actio...
UBUNTU-CVE-2025-0376
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page...
CVE-2025-0376
Removed by vendor...
PT-2025-6643 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 17.6.5; GitLab EE versions 17.7 through 17.7.4; GitLab EE versions 17.8 through 17.8.2. Description: An issue was discovered in GitLab EE which allows an attacker to exfiltrate contents of a private issue using...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.28.0), org.apache.nifi.minifi:minifi-c2-assembly (>=1.22.0 <=1.28.0) +22 more potentially affected by CVE-2024-52067 via org.apache.nifi:nifi-framework-core (>=1.16.0 <=1.28.0)
org.apache.nifi:nifi-framework-core MAVEN version =1.16.0, =1.22.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2024-52067 Source advisory: OSV:GHSA-V3VC-6QCV-4VRX...
3lc (>=2.3.84 <=2.18.0), 3lc-ultralytics (>=0.1.0 <=0.1.5) +1827 more potentially affected by CVE-2024-12797 via cryptography (>=42.0.0 <=44.0.0)
cryptography PYPI version =42.0.0, =2.3.84, =0.1.0, =0.9.2, =0.1.0, =2.3.57, =0.1.0, =0.4.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =1.7.0, =1.7.2 and more Source cves: CVE-2024-12797 Source advisory: SNYK:PYTHON-CRYPTOGRAPHY-8715586...
84447xe5t8 (=1.0.0), @0xsquid/deposit-widget (>=0.0.2-beta.0 <=0.2.0) +253 more potentially affected by unknown CVE via @coinbase/wallet-sdk (>=4.0.0-beta.12 <=4.2.4)
@coinbase/wallet-sdk NPM version =4.0.0-beta.12, =0.0.2-beta.0, =2.1.11-beta.0, =3.0.0, =0.0.1, =0.2.1, =5.50.0, =1.0.77-4.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.73-rc and more Source cves: unknown CVE Source advisory: OSV:GHSA-8RGJ-285W-QCQ4...
Net::IMAP security vulnerability
Net::IMAP is an open-source Ruby client API for the Internet Message Access Protocol (IMAP). A security vulnerability in Net::IMAP version 0.3.2 through versions prior to 0.3.8, 0.4.19, and 0.5.6, which stems from the response parser's unrestricted conversion of uid-set data, allows a malicious server...
PT-2025-6040 · Kelio · Kelio Visio X4 +2
Name of the Vulnerable Software and Affected Versions: Kelio Visio 1 versions 3.2C through 5.1K; Kelio Visio X7 versions 3.2C through 5.1K; Kelio Visio X4 versions 3.2C through 5.1K. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute ...
CVE-2025-25155
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer music-sheet-viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through = 4.1...
CVE-2025-25135
Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through = 3.3...
org.jeecgframework.boot:jeecg-boot-starter-cloud (>=3.4.0 <=3.7.2), org.jeecgframework.boot:jeecg-boot-starter-lock (>=3.4.0 <=3.7.2) +3 more potentially affected by CVE-2024-57606 via org.jeecgframework.boot:jeecg-boot-common (>=3.4.0 <=3.7.2)
org.jeecgframework.boot:jeecg-boot-common MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.6.3, =3.7.2 Source cves: CVE-2024-57606 Source advisory: OSV:GHSA-WFPM-QCHC-6CF9...
CVE-2024-56134
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster (from 7.2.55.0 to 7.2.60.1 inclusive, from 7.2.49.0 to 7.2.54.12 inclusive, 7.2.48.12 and all prior versions); Multi-Tenant...
UBUNTU-CVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2025-25107
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through = 0.1.1...
CVE-2025-23819
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Milesi WP Cloud cloud allows Absolute Path Traversal. This issue affects WP Cloud: from n/a through = 1.4.3...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory:...
CVE-2025-23810
Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS. This issue affects Len Slider: from n/a through = 2.0.11...