Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/01/15 12:0 a.m.9 views

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass

application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $REQUEST, so an attacker can perform CSRF by forcing a victim's browser t...

8.8CVSS6.9AI score0.00203EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/18 12:0 a.m.9 views

Amazon S3 Encryption Client for .NET has a Key Commitment Issue

S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders"...

6CVSS6.7AI score0.00094EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/16 12:0 a.m.9 views

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modified...

6.5CVSS6.8AI score0.00262EPSS
Exploits0References14Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/10 12:0 a.m.9 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS7.1AI score0.00179EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.9 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...

7.5CVSS7.2AI score0.00405EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.9 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...

7.5CVSS7.2AI score0.00405EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/03 12:0 a.m.9 views

alexusmai laravel-file-manager is vulnerable to Directory Traversal

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation...

6.5CVSS7AI score0.00517EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.9 views

@accordproject/concerto-metamodel contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.9 views

@accordproject/concerto-types contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/22 12:0 a.m.9 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/07 12:0 a.m.9 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/26 12:0 a.m.9 views

Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

6.5CVSS8.7AI score0.00315EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/22 12:0 a.m.9 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.3AI score0.00839EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.9 views

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

The Manager disables TLS certificate verification in two HTTP clients figures 3.1 and 3.2. The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthTokenctx context.Context, header http.Header string, error skipped client := &http.Client Timeout:...

6.9CVSS6.7AI score0.00159EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.9 views

DragonFly has weak integrity checks for downloaded files

The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any scenarios...

6.9CVSS6.8AI score0.00152EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/26 12:0 a.m.9 views

Easy!Appointments SQL injection vulnerability

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...

8.1CVSS8.5AI score0.00333EPSS
Exploits2References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/19 12:0 a.m.9 views

Default Credentials in nginx-defender Configuration Files

This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml, docker-compose.yml contain default credentials defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123. If users deploy nginx-defender without changing these defaults,...

6.5CVSS7.3AI score0.00223EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/10 12:0 a.m.9 views

Server-Side Request Forgery (SSRF) in activitypub_federation

This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request...

4CVSS6AI score0.00406EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/08 12:0 a.m.9 views

Gas mispricing in cosmwasm-vm

Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.3, 2.0.2, 2.1.1...

7.2AI score
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/06/05 12:0 a.m.9 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/29 12:0 a.m.9 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.9 views

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd contains insecure cipher suites. Users can configure the desired ciphers using the “--cipher-suites” flag, and a default list of secure cipher suites is used if empty. Workarounds By default, no action is required. If...

7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.9 views

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only

Vulnerability type Logging Detail etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be...

7.2AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.8 views

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without any...

7.5CVSS5.2AI score0.00354EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/28 12:0 a.m.8 views

QOS.CH Sarl logback logback-core has a deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3CVSS6.4AI score0.0037EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.8 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed directly ...

6.4CVSS5.9AI score0.00272EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.8 views

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by never...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.8 views

Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

An authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.8 views

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

A flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token through...

8.1CVSS5.8AI score0.00363EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.8 views

Vikunja has TOTP Reuse During Validity Window

Any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.8 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.8 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.8 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00265EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.8 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/06 12:0 a.m.8 views

Antrea has invalid enforcement order for network policy rules caused by integer overflow

Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. If a user creates a large...

9.3CVSS5.4AI score0.00444EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/04 12:0 a.m.8 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

7.8CVSS6AI score0.00175EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.8 views

melange QEMU runner could write files outside workspace directory

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences...

8.4CVSS5.4AI score0.00167EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.8 views

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.8 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.4AI score0.00244EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/10 12:0 a.m.8 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.8AI score0.00133EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/04 12:0 a.m.8 views

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1CVSS7AI score0.00894EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@accordproject/concerto-linter-default-ruleset contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@accordproject/markdown-it-cicero contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/css-to-react-native-transform contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/native contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

02-echo contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/react-native-kakao-navi contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/react-kakaosdk contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/react-native-less-transformer contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

@actbase/react-native-naver-login contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities1518