Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2017/10/04 12:0 a.m.13 views

Directory Traversal

360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url./n...

5.3AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/09/28 12:0 a.m.13 views

Directory Traversal

11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url./n...

5.3AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.12 views

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without any...

7.5CVSS5.2AI score0.00354EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.12 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...

9.2CVSS5.3AI score0.00276EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.12 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/13 12:0 a.m.12 views

uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution

A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes...

7.8CVSS6.3AI score0.00715EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.12 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/22 12:0 a.m.12 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length...

5.8AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/08 12:0 a.m.12 views

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local files such...

7.6CVSS5.9AI score0.00412EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/08 12:0 a.m.12 views

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

The Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL and...

6.5CVSS6AI score0.0021EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/31 12:0 a.m.12 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...

8.2CVSS5.9AI score0.00324EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.12 views

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation

The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an authenticated us...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.12 views

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without verifyin...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/05 12:0 a.m.12 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials, session...

9.8CVSS6AI score0.22162EPSS
Exploits13References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/26 12:0 a.m.12 views

Vikunja has Path Traversal in CLI Restore

Path Traversal Zip Slip and Denial of Service DoS vulnerability discovered in the Vikunja CLI's restore functionality...

7.2CVSS5.4AI score0.00739EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/09 12:0 a.m.12 views

AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in the AWS SD...

3.7CVSS6.8AI score0.00201EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.12 views

1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

The server trusts all reverse-proxy headers by default, so any remote client can spoof X-Forwarded-For to bypass IP-based protections AllowIPs, API IP whitelist, “localhost-only” checks. All IP-based access control becomes ineffective...

6.5CVSS7AI score0.00204EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.12 views

@accordproject/template-engine contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.12 views

@accordproject/concerto-analysis contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.12 views

@actbase/react-native-kakao-channel contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/20 12:0 a.m.12 views

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless bearer...

6.6AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/16 12:0 a.m.12 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8CVSS7.8AI score0.02079EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/15 12:0 a.m.12 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/04 12:0 a.m.12 views

Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS6.8AI score0.00886EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/04 12:0 a.m.12 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

6.9AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/21 12:0 a.m.12 views

CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmd 0.53.0 See CWA-2024-006 for more details...

7.2AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/08 12:0 a.m.12 views

Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...

7.2AI score
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/29 12:0 a.m.12 views

Aimeos denial of service vulnerability in SaaS and marketplace setups

All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack...

5.5CVSS7.1AI score0.00435EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/15 12:0 a.m.12 views

ADOdb SQL injection vulnerability

The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers...

8.4AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/02 12:0 a.m.12 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

2AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/14 12:0 a.m.12 views

Improper Authorization in Gogs

Impact Expired PAM accounts and accounts with expired passwords are continued to be seen as valid. Installations use PAM as authentication sources are affected. Patches Expired PAM accounts and accounts with expired passwords are no longer being seen as valid. Users should upgrade to 0.12.5 or th...

0.4AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/11 12:0 a.m.12 views

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC o...

7.5CVSS7AI score0.01119EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/09/21 12:0 a.m.12 views

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It has not been patched yet. Workarounds Fully custom presets that change the entire rendering process which can then escape the user input. For more information Even though that I changed al...

0.8AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/21 12:0 a.m.12 views

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be. Small values of int in the functions above will return a smaller subset of...

7.3AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2018/03/06 12:0 a.m.12 views

SQL Injection

adodb-php contains a SQLi vulnerability...

2AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2018/03/06 12:0 a.m.12 views

SQL Injection

adodb-php contains a SQLi vulnerability...

5.8AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/09/29 12:0 a.m.12 views

Directory Traversal

22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url./n...

5.3AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/18 12:0 a.m.11 views

Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE

When the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path e.g. /etc/cron.d/evil or ../ traversal escaped the downloads directory, giving an arbitrary...

6.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.11 views

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and ACCESSEXTERNALSTYLESHEET="". Th...

8.7CVSS5.3AI score0.00309EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.11 views

NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length

When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can supply an...

5.2AI score0.00042EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/04 12:0 a.m.11 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener...

5.8AI score0.00047EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.11 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/19 12:0 a.m.11 views

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js middlewar...

6.1AI score0.00147EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.11 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.11 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.11 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.11 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/07 12:0 a.m.11 views

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A domain name containing a newline character breaks out of the comment context and injects an...

6AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/24 12:0 a.m.11 views

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...

5.6AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.11 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive password auth...

8.8CVSS5.7AI score0.00472EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities1518