Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2021/01/11 12:0 a.m.•25 views

CSRF can expose users authentication token

Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...

7.4CVSS7.2AI score0.00917EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/07/19 12:0 a.m.•25 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Software CLEdit The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link A element...

6.1CVSS1.5AI score0.00826EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/17 12:0 a.m.•24 views

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without any...

7.5CVSS5.2AI score0.00354EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/16 12:0 a.m.•24 views

Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An authenticated...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/10/10 12:0 a.m.•24 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

6.5CVSS6.9AI score0.00213EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/10/29 12:0 a.m.•24 views

NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

4.1CVSS6.5AI score0.00235EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/15 12:0 a.m.•24 views

amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...

7AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/08/10 12:0 a.m.•24 views

Missing Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...

9.8CVSS6.8AI score0.00698EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/05/22 12:0 a.m.•24 views

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...

7.5CVSS6.7AI score0.02082EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/05/18 12:0 a.m.•24 views

swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...

7.5CVSS6.8AI score0.01119EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/06 12:0 a.m.•24 views

Out-of-bounds Write

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3decodeblock out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais...

6.5CVSS6.8AI score0.00902EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/03/01 12:0 a.m.•24 views

nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly does not use complete addition formulas, meaning that...

7.5CVSS7.2AI score0.00674EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/09/21 12:0 a.m.•24 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cloudreve versions v1.0.0 through v3.5.3 is vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...

5.4CVSS4.7AI score0.00452EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/10 12:0 a.m.•24 views

Server-side request forgery in Apache Dubbo

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the allowed host check which can cause open redirect or SSRF vulnerability...

6.1CVSS3AI score0.02073EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•24 views

OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

10CVSS0.5AI score0.04483EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•24 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

5.4CVSS6.3AI score0.00501EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/10 12:0 a.m.•24 views

Incorrect Authorization

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...

9.1CVSS3.1AI score0.38133EPSS
Exploits7References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/01 12:0 a.m.•24 views

Out-of-bounds Write

HarfBuzz has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy...

6.5CVSS0.7AI score0.0178EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/02/25 12:0 a.m.•24 views

Insecure Temporary File

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root...

7CVSS4.7AI score0.0038EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/04/29 12:0 a.m.•24 views

Information Exposure

Actions Http-Client can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: make an http request with an authorization header that request leads to a redirect 302 the redirect url redirects to...

7.5CVSS1.3AI score0.01737EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/05/14 12:0 a.m.•24 views

Server Side Request Forgery in Apache Axis

A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

7.5CVSS6.5AI score0.86503EPSS
Exploits7References17
GitLab Advisory Database
GitLab Advisory Database
•added 2018/07/09 12:0 a.m.•24 views

Insufficiently Protected Credentials

The Jenkins AWS CodeBuild Plugin does not properly protect credentials in AWSClientFactory...

7.8CVSS3AI score0.00339EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/07/17 12:0 a.m.•24 views

OS Command Injection

Akeneo PIM is vulnerable to shell injection in the mass edition, resulting in remote code execution...

9.8CVSS3.3AI score0.03932EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/19 12:0 a.m.•23 views

QOS.CH logback-core Server-Side Request Forgery vulnerability

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files...

2.4CVSS6.8AI score0.00225EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/08 12:0 a.m.•23 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
•added 2024/04/03 12:0 a.m.•23 views

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

7.3AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/06 12:0 a.m.•23 views

Improper Restriction of XML External Entity Reference

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

9.8CVSS3.2AI score0.00731EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/11/01 12:0 a.m.•23 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

8.8CVSS3.2AI score0.00506EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/29 12:0 a.m.•23 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admidio 4.1.2 version is affected by stored cross-site scripting XSS...

5.4CVSS2.7AI score0.00533EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/15 12:0 a.m.•23 views

Session Fixation

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...

9.8CVSS3.5AI score0.03041EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/09/06 12:0 a.m.•23 views

URL Redirection to Untrusted Site (Open Redirect)

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

4.9CVSS1.2AI score0.01332EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/06/23 12:0 a.m.•23 views

Exposure of Sensitive Information to an Unauthorized Actor

Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...

8.6CVSS1.8AI score0.01395EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/02/22 12:0 a.m.•23 views

Observable Timing Discrepancy

Constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex...

9.8CVSS1AI score0.01976EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/06/10 12:0 a.m.•23 views

Deserialization of Untrusted Data

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

9.8CVSS3.8AI score0.02597EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/03/30 12:0 a.m.•23 views

Improper Restriction of Operations within the Bounds of a Memory Buffer

An issue was discovered in USC iLab cereal. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if the archive is...

5.3CVSS1.6AI score0.01534EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/03/19 12:0 a.m.•23 views

Cross-site Scripting

In ActionView there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS...

4.8CVSS2AI score0.01543EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/19 12:0 a.m.•22 views

Blocky DNSSEC validation bypass and validation-cache scope pollution

Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response as Insecu...

5.8AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/18 12:0 a.m.•22 views

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...

5.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/05 12:0 a.m.•22 views

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

9.8CVSS6.7AI score0.01851EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
•added 2024/02/03 12:0 a.m.•22 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

7.2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/09/20 12:0 a.m.•22 views

Missing Release of Memory after Effective Lifetime

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file...

8.1CVSS6.2AI score0.00592EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/05/30 12:0 a.m.•22 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Versions of the package yhirose/cpp-httplib before 0.12.4 is vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due ...

8.8CVSS7.2AI score0.01137EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/05/18 12:0 a.m.•22 views

swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...

7.5CVSS6.7AI score0.01119EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/06 12:0 a.m.•22 views

Improper Restriction of Operations within the Bounds of a Memory Buffer

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3decodeblock...

6.5CVSS7.3AI score0.00888EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/03/31 12:0 a.m.•22 views

Stud42 vulnerable to denial of service

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...

6.5AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/28 12:0 a.m.•22 views

Use of Weak Hash

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

5.3CVSS2.1AI score0.00296EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/14 12:0 a.m.•22 views

Improper Input Validation

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user...

10CVSS8.3AI score0.05556EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/15 12:0 a.m.•22 views

Cross-Site Request Forgery (CSRF)

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

8.8CVSS6.6AI score0.01266EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/11/11 12:0 a.m.•22 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter...

9.8CVSS3.7AI score0.04431EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/02 12:0 a.m.•22 views

Incorrect Permission Assignment for Critical Resource

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...

4.7CVSS3AI score0.00199EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities1518