Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/09 12:0 a.m.•14 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

2.1CVSS6.8AI score0.00548EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/20 12:0 a.m.•14 views

ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions = math/v1.3.0 Affected users: Chain Builders +...

7AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/08 12:0 a.m.•14 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/05 12:0 a.m.•14 views

Improper Neutralization

Improper Neutralization in CefSharp.Common.NETCore...

6.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/16 12:0 a.m.•14 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in @apollo/server...

6.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/03/10 12:0 a.m.•14 views

Relative Path Traversal

Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.core...

2.6AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/13 12:0 a.m.•14 views

Cross site scripting in ameos_tarteaucitron

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

5.4CVSS6.8AI score0.00467EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•14 views

Gitea XSS Vulnerability in Repository Description

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1CVSS6.7AI score0.0084EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•14 views

Gitea Allows 1FA Even for 2FA-Enrolled Accounts

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8CVSS7AI score0.01749EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/17 12:0 a.m.•14 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01808EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/01 12:0 a.m.•14 views

Django Improper Access Control

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...

6.5CVSS6.7AI score0.01188EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/03 12:0 a.m.•14 views

Execution with Unnecessary Privileges in arc-electron

When the end-user click on the response header that contains a link the target will be opened in ARC new window. This window will have the default preload script loaded which allows the scripts embedded in the link target to execute any logic that ARC has access to from the renderer process, whic...

1.9AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/11 12:0 a.m.•14 views

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

7.5CVSS7.2AI score0.01119EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/06/01 12:0 a.m.•14 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages...

2.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/03/06 12:0 a.m.•14 views

SQL Injection

The SelectLimit function has a potential SQL injection vulnerability through the use of the nrows and offset parameters which are not forced to integers...

4.6AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/05/09 12:0 a.m.•14 views

Cookie leakage to wrong origins and non-restricted cookie acceptance

Cookie leakage to wrong origins and non-restricted cookie acceptance...

2.3AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/10/16 12:0 a.m.•14 views

Incomplete List of Disallowed Inputs

A flaw in the iptype function is triggered when handling octal encoding. This may allow a remote attacker to bypass the IP exclusion feature...

2.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2008/08/15 12:0 a.m.•14 views

Remote code execution and potential Denial of Service Vulnerability

Activeresource contains a format string flaw in the request function of lib/activeresource/connection.rb. The issue is triggered as format string specifiers e.g. %s and %x are not properly sanitized in user-supplied input when passed via the result.code and result.message variables. This may allo...

6.9AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/18 12:0 a.m.•13 views

Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

The Docker API server accepted a request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher, --browser-subprocess-path...

5.6AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/16 12:0 a.m.•13 views

Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server

Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath...

5.4AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/12 12:0 a.m.•13 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.4AI score0.00192EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/29 12:0 a.m.•13 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/18 12:0 a.m.•13 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/18 12:0 a.m.•13 views

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

TinyIce's WebRTC source-ingest HTTP endpoint, POST /webrtc/source-offer?mount=, accepted any inbound WebRTC SDP offer with no authentication check. The handler routed the offer to WebRTCManager.HandleSourceOffer, which then accepted whatever audio/video tracks the peer published and broadcast the...

8.2CVSS5.8AI score0.00357EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/05/06 12:0 a.m.•13 views

Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in transit; i...

9.8CVSS5.8AI score0.00346EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/29 12:0 a.m.•13 views

Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/23 12:0 a.m.•13 views

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed uses...

6.1CVSS5.9AI score0.0014EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/18 12:0 a.m.•13 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/10 12:0 a.m.•13 views

Actual Sync Server has an Authenticated Path Traversal

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside userFiles...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/09 12:0 a.m.•13 views

Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter

Register unwilling users for events potential harassment/spam - Cancel other users' event participation - Manipulate event participant counts and comments - If events have participation limits, fill slots with unwanted registrations...

5.4CVSS5.8AI score0.00253EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/11/25 12:0 a.m.•13 views

@actbase/react-native-tiktok contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/10/07 12:0 a.m.•13 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/09/17 12:0 a.m.•13 views

DragonFly's tiny file download uses hard coded HTTP protocol

The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak integrity...

6.9CVSS7AI score0.0013EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/09/11 12:0 a.m.•13 views

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/18 12:0 a.m.•13 views

Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

9.8CVSS7.6AI score0.01777EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•13 views

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2CVSS6.9AI score0.00514EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•13 views

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•13 views

H2O Vulnerable to Denial of Service (DoS) and File Write

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS7.1AI score0.00636EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/09 12:0 a.m.•13 views

wasm3 uncontrolled memory allocation vulnerability

wasm3 at commit 139076a contains a memory leak in the Readutf8 function...

8.4CVSS6.8AI score0.00266EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/09/26 12:0 a.m.•13 views

Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mjjw-553x-87pq. This link is maintained to preserve external references. Original Description NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with...

7.7AI score0.37055EPSS
Exploits2References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/15 12:0 a.m.•13 views

amphp/http Host Header Injection vulnerability

amphp/http versions before 1.0.1 allows an attacker to supply invalid input in the Host header which may lead to various type of Host header injection attacks...

7.3AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/15 12:0 a.m.•13 views

easyadmin-extension-bundle action case insensitivity

In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access...

7AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/03/29 12:0 a.m.•13 views

Un-sanitized metric name or labels can be used to take over exported metrics

In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-getString.self, at: "lang" Counter label: "language", dimensions: "lang", lang ?? "unknown" an attacker could make use of this and send a ?lang query parameter containing...

7.4CVSS6.6AI score0.00645EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/05/18 12:0 a.m.•13 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...

7AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•13 views

SwiftNIO SSL arbitrary code execution vulnerability

A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...

9.8CVSS7AI score0.02212EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/17 12:0 a.m.•13 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

4.3CVSS6AI score0.01667EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/23 12:0 a.m.•13 views

Argo Server TLS requests could be forged by attacker with network access

Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...

0.8AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/05/27 12:0 a.m.•13 views

Listing of upload directory contents possible

There's an security issue in prosody-filer versions 1.0.1 which leads to unwanted directory listings of download directories. An attacker is able to list previous uploads of a certain user by shortening the URL and accessing a URL subdirectors other than /upload/ or the corresponding user defined...

3.6AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/02/26 12:0 a.m.•13 views

Path Traversal

626 includes a path traversal vulnerability. It allows reading arbitrary files from the remote server...

4.5AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/11/20 12:0 a.m.•13 views

Padding Oracle Vulnerability in RSA Encryption

Padding Oracle Vulnerability in RSA Encryption...

3.8AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities1518