Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2025/11/20 12:0 a.m.•8 views

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

8.1CVSS6.5AI score0.00658EPSS
Exploits1References7
GitLab Advisory Database
GitLab Advisory Database
•added 2025/10/22 12:0 a.m.•8 views

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a...

7.2CVSS8.2AI score0.00395EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/10/09 12:0 a.m.•8 views

Amazon.IonDotnet is vulnerable to Denial of Service attacks

Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receiv...

8.7CVSS6.8AI score0.00403EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
•added 2025/09/17 12:0 a.m.•8 views

Dragonfly vulnerable to server-side request forgery

There are multiple server-side request forgery SSRF vulnerabilities in the DragonFly2 system. The vulnerabilities enable users to force DragonFly2’s components to make requests to internal services, which otherwise are not accessible to the users. One SSRF attack vector is exposed by the Manager’...

6.9CVSS6.8AI score0.00231EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/09/17 12:0 a.m.•8 views

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoi...

9.1CVSS7AI score0.00361EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/08/08 12:0 a.m.•8 views

ExecuTorch heap buffer overflow vulnerability

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...

9.8CVSS7.9AI score0.00664EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/08/08 12:0 a.m.•8 views

ExecuTorch out-of-bounds access vulnerability

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...

9.8CVSS7.6AI score0.00593EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/08/08 12:0 a.m.•8 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

9.8CVSS7.8AI score0.00593EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•8 views

wasmvm: Malicious smart contract can slow down block production

CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...

7AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•8 views

wasmvm: Malicious smart contract can slow down block production

CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...

7AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/10/15 12:0 a.m.•8 views

Agent Dart is missing certificate verification checks

Certificate verification in lib/agent/certificate.dart has been found to contain two issues: - During the delegation verification in checkDelegation function the canisterranges aren't verified. The impact of not checking the canisterranges is that a subnet can sign canister responses in behalf of...

8.7CVSS5.9AI score0.00353EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/09/06 12:0 a.m.•8 views

H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

9.1CVSS7.3AI score0.00899EPSS
Exploits1References9
GitLab Advisory Database
GitLab Advisory Database
•added 2024/02/03 12:0 a.m.•8 views

Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Data Validation...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/02/03 12:0 a.m.•8 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

7.2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/06 12:0 a.m.•8 views

pubnub Insufficient Entropy vulnerability

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...

5.9CVSS6.3AI score0.00955EPSS
Exploits1References22Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/08 12:0 a.m.•8 views

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

9.1CVSS7.2AI score0.01737EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/01/06 12:0 a.m.•8 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.8CVSS7.2AI score0.01324EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•8 views

Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

9.8CVSS7.2AI score0.01629EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•8 views

Use-after-free in actix-http

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...

7.5CVSS7.1AI score0.01406EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/25 12:0 a.m.•8 views

Data race in abox

Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...

8.1CVSS7.1AI score0.00766EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2 days ago•7 views

DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval

The FileCatalog DatasetManager runs a query on the database and passes the result to eval. The SQL query contains an injection vulnerability which allows an authenticated user to control the parameter returned to the eval resulting in remote code execution...

6.3AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 5 days ago•7 views

BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py

BabelDOC's vendored PDF parser babeldoc/pdfminer/cmapdb.py deserializes untrusted pickle data when loading CMap files. The loaddata method strips only NUL bytes from a PDF-controlled CMap name, then passes it directly to os.path.join and pickle.loads. Because Python's os.path.join discards all...

6.5AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 6 days ago•7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 6 days ago•7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 6 days ago•7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 6 days ago•7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 6 days ago•7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/07/06 12:0 a.m.•7 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...

9.9CVSS5.8AI score0.00685EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/07/06 12:0 a.m.•7 views

Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.1AI score
Exploits0References12Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/07/02 12:0 a.m.•7 views

9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, any...

5.8AI score0.0019EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/06/23 12:0 a.m.•7 views

Flask-Security has an Open Redirect issue

flasksecurity.utils.validateredirecturl can allow an attacker-controlled redirect URL when subdomain redirects are enabled. The bypass uses a backslash inside the URL authority/host: text http://evil.com.whitelist.com http://evil.com%5C.whitelist.com Python's urlsplit parses the full authority as...

6.1CVSS6.3AI score0.01079EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/30 12:0 a.m.•7 views

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication tokens...

9.3CVSS5.9AI score0.00299EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/27 12:0 a.m.•7 views

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.7AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/27 12:0 a.m.•7 views

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/25 12:0 a.m.•7 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw, and reac...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/20 12:0 a.m.•7 views

Vikunja read-only users can delete project background images via broken object-level authorization

The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/16 12:0 a.m.•7 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

6AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/16 12:0 a.m.•7 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00265EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/13 12:0 a.m.•7 views

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

Kozea/CairoSVG 300K downloads/week has exponential denial of service via recursive element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input...

7.5CVSS5.8AI score0.0049EPSS
Exploits2References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/13 12:0 a.m.•7 views

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...

7.5CVSS5.8AI score0.00542EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/03/12 12:0 a.m.•7 views

Trix has a Stored XSS vulnerability through serialized attributes

The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content is...

6AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/02/11 12:0 a.m.•7 views

Vikunja Vulnerable to XSS Via Task Preview

The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task...

8.6CVSS5.5AI score0.00227EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/02/03 12:0 a.m.•7 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping...

8.8CVSS5.8AI score0.00176EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/22 12:0 a.m.•7 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.4AI score0.00244EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/16 12:0 a.m.•7 views

Active Job - Object injection security vulnerability

Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability...

7.3AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/16 12:0 a.m.•7 views

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

8.4AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/16 12:0 a.m.•7 views

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

9.2CVSS5.7AI score0.00609EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/15 12:0 a.m.•7 views

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS8AI score0.00307EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/01/09 12:0 a.m.•7 views

jose-swift has JWT Signature Verification Bypass via None Algorithm

An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling complete...

7.4AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/12/31 12:0 a.m.•7 views

Trix has a stored XSS vulnerability through its attachment attribute

The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of the user'...

6.5AI score
Exploits0References6Affected Software1
Total number of security vulnerabilities1518