Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2020/12/03 12:0 a.m.•22 views

Out-of-bounds Write

CImg suffers from integer overflows leading to heap buffer overflows in loadpnm that can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...

8.1CVSS5AI score0.01467EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/10/01 12:0 a.m.•22 views

XML Entity Expansion

go-yaml is vulnerable to a Billion Laughs Attack...

2.5AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/08/10 12:0 a.m.•22 views

Command Injection

active-support could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS5.6AI score0.06129EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/07/23 12:0 a.m.•22 views

Improper query string handling in Django

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4CVSS5.3AI score0.01697EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/07/06 12:0 a.m.•21 views

9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoints lack authentication entirely, allowing anyone to create, read, update, and delete provider connections. Additionally, /api/usage/stats exposes full plaintext API keys, and...

6AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/07/02 12:0 a.m.•21 views

9router: Missing Authorization and OS Command Injection

POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawned as sudo -S sh. The route is not present in the dashboard middleware matcher in src/proxy.js, so the request reaches...

9.8CVSS5.8AI score0.01372EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/06 12:0 a.m.•21 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•21 views

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will receive...

6.5CVSS5.8AI score0.0033EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•21 views

H2O Vulnerable to Arbitrary File Overwrite via File Export

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6.7AI score0.00693EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/08 12:0 a.m.•21 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/08 12:0 a.m.•21 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
•added 2024/06/05 12:0 a.m.•21 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...

8.2CVSS8.1AI score0.00994EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/01/03 12:0 a.m.•21 views

Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...

6.5CVSS6.9AI score0.00601EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/08/31 12:0 a.m.•21 views

Path traversal in ZIPFoundation

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file...

7.8CVSS6.8AI score0.00379EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/08/06 12:0 a.m.•21 views

Insufficient Session Expiration

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11...

6.5CVSS7AI score0.00507EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/07/14 12:0 a.m.•21 views

SwiftTerm Code Injection vulnerability

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands...

7.8CVSS7.4AI score0.0043EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/11/01 12:0 a.m.•21 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

8.8CVSS3.1AI score0.0056EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/20 12:0 a.m.•21 views

Insufficient Session Expiration

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9...

8.2CVSS2AI score0.00997EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/16 12:0 a.m.•21 views

Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket

If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults...

2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/05 12:0 a.m.•21 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross Site Scripting XSS vulnerability exits in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...

6.1CVSS2.6AI score0.00746EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/12/07 12:0 a.m.•21 views

Remote Code Execution in AjaxNetProfessional

Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication sharin...

9.8CVSS9.2AI score0.88768EPSS
Exploits2References6
GitLab Advisory Database
GitLab Advisory Database
•added 2021/02/08 12:0 a.m.•21 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/01/10 12:0 a.m.•21 views

Improper Link Resolution Before File Access ('Link Following')

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.targethost...

5.5CVSS5.5AI score0.00431EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/02/15 12:0 a.m.•21 views

Nested attributes rejection proc bypass

When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the allowdestroy: false option to the acceptsnestedattributesfor method. The allowdestroy flag prevents the :rejectif proc from being called because it assumes that the recor...

5.3CVSS5.7AI score0.0425EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/09 12:0 a.m.•20 views

decolua 9router vulnerable to authorization bypass

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.5AI score0.00313EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/29 12:0 a.m.•20 views

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController e.g., embedded WebViews lacking Input Events Level 2 support. The StringPiece.fromJSON...

5.9AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/02/03 12:0 a.m.•20 views

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/29 12:0 a.m.•20 views

@account-kit/smart-contracts Allowlist Module Bypass Vulnerability

Allowlist module contains a bypass vulnerability...

7.2AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•20 views

H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.9AI score0.01441EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/05 12:0 a.m.•20 views

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

9.8CVSS6.7AI score0.01851EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/14 12:0 a.m.•20 views

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

7.5CVSS6.2AI score0.011EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
•added 2024/02/29 12:0 a.m.•20 views

yyjson has a Double Free vulnerability

The pool series allocator poolmalloc/poolfree/poolrealloc by yysjon has a Double Free vulnerability, which may lead to arbitrary address writing and Denial of Service DoS attacks. Arbitrary address writing, combined with other legitimate or illegitimate operations of programs using this library,...

8.6CVSS8.1AI score0.01836EPSS
Exploits1References11Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/23 12:0 a.m.•20 views

Improper Access Control

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9...

6.4CVSS7AI score0.00416EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/06 12:0 a.m.•20 views

Out-of-bounds Read

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3decodeblock out-of-bounds read...

6.5CVSS7.3AI score0.00888EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/03 12:0 a.m.•20 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

6.1CVSS5.1AI score0.00393EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•20 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.9AI score0.0084EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/05 12:0 a.m.•20 views

Deserialization of Untrusted Data

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...

6.8CVSS5.1AI score0.01116EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/02 12:0 a.m.•20 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the Apache Solr Search solr extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01997EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/06 12:0 a.m.•20 views

Server-Side Request Forgery (SSRF)

In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

7.5CVSS1.2AI score0.01978EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/09/21 12:0 a.m.•20 views

Externally Controlled Reference to a Resource in Another Sphere

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...

3.5CVSS3.4AI score0.01952EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2008/10/10 12:0 a.m.•20 views

ActiveRecord Gem :limit / :offset SQL Injection

The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

3.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/29 12:0 a.m.•19 views

Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection

AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection...

5.8AI score0.00014EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•19 views

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

The nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the...

9.8CVSS6AI score0.38477EPSS
Exploits4References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•19 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/13 12:0 a.m.•19 views

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...

5.8AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/02/28 12:0 a.m.•19 views

Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse

Summary A critical business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid...

9.8CVSS6AI score0.00673EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/27 12:0 a.m.•19 views

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

4.3CVSS6.6AI score0.00812EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2024/10/08 12:0 a.m.•19 views

Adguard Home arbitrary file read vulnerability

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory...

4.9CVSS6.9AI score0.00788EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/11/22 12:0 a.m.•19 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting XSS...

6.1CVSS6.6AI score0.007EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/09/05 12:0 a.m.•19 views

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...

9.8CVSS7.2AI score0.01931EPSS
Exploits0References6
Total number of security vulnerabilities1518