Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.11 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.11 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network services...

5.8CVSS5.9AI score0.00235EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.11 views

Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API

The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later migration we...

6.5CVSS5.9AI score0.00297EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.11 views

File Upload(RCE) Vulnerability in admidio

A critical unrestricted file upload vulnerability exists in the Documents & Files module of Admidio. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file extension...

8.8CVSS6AI score0.00982EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.11 views

Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection

The eCard send handler in Admidio uses the raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject arbitrary HTML and JavaScript into greeting card emails sent to other...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/11 12:0 a.m.11 views

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing open...

5.8AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/10 12:0 a.m.11 views

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

Server-Side Request Forgery SSRF in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00959EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.11 views

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

6.1CVSS5.5AI score0.00221EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/19 12:0 a.m.11 views

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead ...

6.1CVSS5.5AI score0.0023EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.11 views

Dragonfly Manager Job API Unauthenticated Access

Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption...

9.8CVSS5.4AI score0.00713EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.11 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/16 12:0 a.m.11 views

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

6.9AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/14 12:0 a.m.11 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

7AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/28 12:0 a.m.11 views

LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...

8.8CVSS6.4AI score0.00647EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.11 views

@actbase/react-absolute contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.11 views

@actbase/react-native-fast-image contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/01 12:0 a.m.11 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

7CVSS7.3AI score0.00181EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.11 views

DragonFly's manager generates mTLS certificates for arbitrary IP addresses

A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the pee...

8.7CVSS7.2AI score0.00219EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/01 12:0 a.m.11 views

1Panel agent certificate verification bypass leading to arbitrary command execution

First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows you to control other hosts by adding nodes. - The HTTPS protocol used for communication between the Core and Agent sides did not fully verify the...

9.8CVSS7.2AI score0.00901EPSS
Exploits5References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/18 12:0 a.m.11 views

apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache...

7CVSS6.4AI score0.00118EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/06/11 12:0 a.m.11 views

CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error

CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...

6.9AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/03/20 12:0 a.m.11 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/13 12:0 a.m.11 views

Remote code execution in alextselegidis/easyappointments

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legalsettings parameter...

6.1CVSS7.2AI score0.00507EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/10 12:0 a.m.11 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/10 12:0 a.m.11 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/21 12:0 a.m.11 views

CWA-2024-005: Stackoverflow in wasmd

Component: wasmd Criticality: High ACMv1: I:Critical; L:Likely Patched versions: wasmd 0.53.0, 0.46.0 See CWA-2024-005 for more details...

7.2AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/08 12:0 a.m.11 views

CosmWasm wasmd has large address count in ValidateBasic

Component: wasmd Criticality: Low ACMv1: I:Moderate; L:Unlikely Patched versions: wasmd 0.52.0 In multiple wasmd message types it was possible to add a large number of addresses which might lead to unexpected resource consumption in ValidateBasic. See CWA-2024-003 for more details...

7.1AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/15 12:0 a.m.11 views

pygmentize Remote Code Execution

pygmentize is prone to remote code execution due to an unsafe sanitazation of user input when passed to the highlight function...

8.1AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.11 views

Cherry Music directory traversal vulnerability

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."...

4.3CVSS6.4AI score0.06665EPSS
Exploits5References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.11 views

Improper Restriction of XML External Entity Reference in Castor

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS7.1AI score0.07794EPSS
Exploits3References5
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/02 12:0 a.m.11 views

AdaptCMS SQL Injection vulnerability

SQL injection vulnerability in the "Check User" feature includes/checkuser.php in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...

7.5CVSS8.7AI score0.0125EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/12/16 12:0 a.m.11 views

Duplicate Advisory: Remote Code Execution in AjaxNetProfessional

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...

9.8CVSS8.8AI score0.88768EPSS
Exploits2References6
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.11 views

HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS6.9AI score0.0181EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.11 views

Use after free in actix-service

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

5.5CVSS6.1AI score0.00374EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.11 views

Use of Uninitialized Resource in alg_ds

An issue was discovered in the algds crate through 2020-08-25 for Rust. Matrix::new internally calls Matrix::fillwith which uses ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of...

9.8CVSS7.2AI score0.0123EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/09/14 12:0 a.m.11 views

Fake package, execution of benign malware

Copies of several well known Python packages were published under slightly modified names in the official Python package repository PyPI prominent example includes urllib vs. urrlib3, bzip vs. bzip2, etc.. These packages contain the exact same code as their upstream package thus their functionali...

1.6AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/05/07 12:0 a.m.11 views

Cookie leakage, non-restricted cookie acceptance

Cookies of foo.bar.example.com are leaked to foo.bar. Additionally, any site can set cookies for any other site...

2.2AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.10 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite the...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/22 12:0 a.m.10 views

Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance

Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth identity...

5.8AI score0.00035EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.10 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...

9.8CVSS6AI score0.00764EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.10 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS7.5AI score0.00938EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.10 views

go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.8AI score0.01027EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/03 12:0 a.m.10 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.10 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.10 views

Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion

TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads a different attachment that may belong to a task in another project. This allows any...

8.1CVSS5.8AI score0.00265EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.10 views

Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download

The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests to...

7.4CVSS5.9AI score0.00395EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/23 12:0 a.m.10 views

Rails has a possible XSS vulnerability in its Action View tag helpers

When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.10 views

Vikunja Affected by DoS via Image Preview Generation

Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage - Endpoint...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.10 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
Total number of security vulnerabilities1518