Lucene search
K

9 matches found

NVD
NVD
added 2026/06/25 5:16 a.m.11 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 4:19 a.m.57 views

CVE-2026-6722 Use-After-Free in SOAP using Apache map

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.5CVSS0.00739EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 4:5 p.m.1 views

CVE-2025-12704 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...

3.5CVSS5.8AI score0.00215EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/25 11:39 p.m.5 views

EUVD-2026-8767

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

5.1CVSS5.5AI score0.00144EPSS
Exploits1References1
NVD
NVD
added 2025/12/05 6:15 p.m.7 views

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

2.7CVSS0.00271EPSS
Exploits0References4
CVE
CVE
added 2025/10/13 9:33 p.m.11 views

CVE-2025-62362

CVE-2025-62362 affects gpp-burgerportaal, a Dutch government citizen portal. In versions prior to 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered via browser developer tools. This is an information disclos...

6.9CVSS5.9AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 12:15 p.m.5 views

UBUNTU-CVE-2024-8179

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

5.4CVSS5.7AI score0.00317EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/06/21 5:8 p.m.13 views

git: arbitrary code execution when recursively cloning a malicious repository

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.1AI score0.49188EPSS
Exploits10References5
OSV
OSV
added 2018/01/10 2:29 a.m.3 views

CVE-2016-10256

The Symantec ProxySG 6.5 prior to 6.5.10.6, 6.6, and 6.7 prior to 6.7.2.1 management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client...

6.1CVSS5.9AI score0.01473EPSS
Exploits0References3
Rows per page
Query Builder