Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2024/09/06 12:0 a.m.•41 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
•added 2024/04/22 12:0 a.m.•41 views

Arbitrary Code Execution in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...

7.2CVSS7.3AI score0.95432EPSS
Exploits12References14Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/10 12:0 a.m.•41 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Azure Identity SDK Remote Code Execution Vulnerability...

8.8CVSS7.5AI score0.02243EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/15 12:0 a.m.•41 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.8CVSS5AI score0.00503EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/14 12:0 a.m.•41 views

Incorrect Authorization

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...

9.8CVSS8.7AI score0.66768EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/31 12:0 a.m.•41 views

Server-Side Request Forgery (SSRF)

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to...

9.8CVSS4.8AI score0.00662EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/08/01 12:0 a.m.•41 views

Improper Certificate Validation

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.8CVSS3.2AI score0.00641EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•42 views

Exposure of Resource to Wrong Sphere

Azure Storage Library Information Disclosure Vulnerability...

4.7CVSS1.3AI score0.00521EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•41 views

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

6.5CVSS0.1AI score0.00836EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•41 views

Kubernetes Secrets Store CSI Driver plugins arbitrary file write

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

6.5CVSS5.7AI score0.0137EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•41 views

Uncontrolled Recursion

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS5.6AI score0.03692EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•41 views

Uncontrolled Resource Consumption

Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8CVSS3.5AI score0.83433EPSS
Exploits1References72Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/19 12:0 a.m.•41 views

Unhandled exception in gopkg.in/yaml.v3

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...

7.5CVSS4AI score0.03733EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/17 12:0 a.m.•41 views

Djblets Cross-site scripting Vulnerability

A cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...

4.3CVSS5.2AI score0.02083EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/12 12:0 a.m.•41 views

Path traversal in FreeTAKServer-UI

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS5.2AI score0.00719EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/01/06 12:0 a.m.•41 views

Regular Expression Denial of Service in CairoSVG

When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time...

5.7CVSS5.6AI score0.01466EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/10/27 12:0 a.m.•41 views

Out-of-bounds Write

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS3.4AI score0.5063EPSS
Exploits2References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/06/19 12:0 a.m.•41 views

Unrestricted Upload of File with Dangerous Type

A client side enforcement of server side security vulnerability exists in rails and rails ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5CVSS2.3AI score0.03065EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/07/13 12:0 a.m.•41 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Bootstrap, XSS is possible in the data-container property of tooltip...

6.1CVSS1.7AI score0.04009EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/06/07 12:0 a.m.•41 views

Path Traversal

node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path...

7.5CVSS3.8AI score0.02038EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/10/24 12:0 a.m.•41 views

Exposure of Sensitive Information to an Unauthorized Actor

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...

5CVSS6.3AI score0.02232EPSS
Exploits1References12Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/10/24 12:0 a.m.•41 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.9AI score0.0303EPSS
Exploits1References21Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/10/24 12:0 a.m.•41 views

activerecord vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.1AI score0.02375EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2012/08/10 12:0 a.m.•41 views

Ruby on Rails Potential XSS Vulnerability in select_tag prompt

When a value for the prompt field is supplied to the selecttag helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks...

4.3CVSS1.6AI score0.01306EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2012/03/13 12:0 a.m.•41 views

Direct Manipulation XSS

Ruby on Rails contains a flaw that allows a remote cross-site scripting XSS attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...

4.3CVSS3.2AI score0.02137EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2011/08/29 12:0 a.m.•41 views

Response Splitting Vulnerability in Ruby on Rails

A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...

4.3CVSS3.5AI score0.01748EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/29 12:0 a.m.•40 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/04 12:0 a.m.•40 views

Access control vulnerable to user data deletion by anonynmous users

Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access...

8.7CVSS7AI score0.00413EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/10/24 12:0 a.m.•40 views

ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups

All SaaS and marketplace setups using Aimeos version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack...

5.5CVSS6.7AI score0.00346EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/14 12:0 a.m.•40 views

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

5.9CVSS6.3AI score0.00901EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
•added 2024/03/10 12:0 a.m.•40 views

1Panel is vulnerable to command injection

1Panel is vulnerable to command injection. This vulnerability has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...

9.8CVSS7.7AI score0.03044EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/01/26 12:0 a.m.•40 views

Out-of-bounds Write

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

7.8CVSS7.5AI score0.00415EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/27 12:0 a.m.•40 views

hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...

7.5CVSS7.1AI score0.00654EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/03 12:0 a.m.•40 views

Incorrect Permission Assignment for Critical Resource

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

9.1CVSS6.9AI score0.00867EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/16 12:0 a.m.•40 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.8AI score0.01364EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/16 12:0 a.m.•40 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.2AI score0.01364EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/08/11 12:0 a.m.•40 views

Improper Input Validation

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

9.8CVSS6.9AI score0.05378EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/02/09 12:0 a.m.•40 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/02/06 12:0 a.m.•40 views

Insertion of Sensitive Information into Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS1.2AI score0.00512EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/26 12:0 a.m.•40 views

Improper Control of Generation of Code ('Code Injection')

A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...

9.8CVSS6AI score0.02742EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/17 12:0 a.m.•40 views

FormEncode Access Restrictions Bypass

schema.py in FormEncode for Python python-formencode 1.0 does not apply the chainedvalidators feature, which allows attackers to bypass intended access restrictions via unknown vectors...

7.5CVSS6.1AI score0.01488EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/14 12:0 a.m.•40 views

Cross-Site Request Forgery (CSRF)

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

8.8CVSS7.1AI score0.00486EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/06 12:0 a.m.•40 views

Improper Link Resolution Before File Access ('Link Following')

An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...

7.8CVSS5.3AI score0.00432EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/20 12:0 a.m.•40 views

Improper Neutralization of Special Elements used in a Command ('Command Injection')

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the from MODULE import substring. Only lines beginning with import are blocked...

7.8CVSS4AI score0.00495EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/15 12:0 a.m.•40 views

Improper Authentication

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...

8.8CVSS2AI score0.03597EPSS
Exploits5References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/05/24 12:0 a.m.•40 views

NULL Pointer Dereference

In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...

7.5CVSS3.6AI score0.01412EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/02/01 12:0 a.m.•40 views

Regular Expression Denial of Service

The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3CVSS3.5AI score0.03546EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/11/04 12:0 a.m.•40 views

Deserialization of Untrusted Data

DatabaseSchemaViewer is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file. As a workaround, ensure .dbschema files from untrusted sources are not opened...

8CVSS3.5AI score0.02013EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/10/27 12:0 a.m.•40 views

Out-of-bounds Write

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS3.4AI score0.5063EPSS
Exploits2References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/08/29 12:0 a.m.•40 views

Incorrect Default Permissions

In kubelet, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 root on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not...

7.8CVSS2.8AI score0.00599EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1518