Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/04 12:0 a.m.•71 views

Arbitrary file deletion in gitea

An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service DoS via deleting the configuration file...

7.5CVSS5.3AI score0.0097EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/02 12:0 a.m.•71 views

Django Regex Algorithmic Complexity Causes Denial of Service

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service CPU consumption via a crafted 1 EmailField email address or 2 URLField URL that triggers a large amount of backtracking in a regular...

5CVSS6.1AI score0.03686EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/07 12:0 a.m.•71 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...

7.7CVSS4.1AI score0.02693EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•70 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...

9CVSS2AI score0.00915EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/05/17 12:0 a.m.•70 views

Open Redirect in Flask-Security-Too

Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...

6.1CVSS5.2AI score0.03289EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/10/01 12:0 a.m.•70 views

Improper Input Validation

In the @actions/core npm module, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified...

5CVSS3.9AI score0.01501EPSS
Exploits2References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/02/03 12:0 a.m.•70 views

Improper Access Control

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...

7.7CVSS5.5AI score0.01583EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/07 12:0 a.m.•69 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5CVSS7AI score0.00549EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/02/07 12:0 a.m.•69 views

Go SSH library vulnerable to Man-in-the-Middle attacks

The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...

8.1CVSS4AI score0.03156EPSS
Exploits0References12Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/10 12:0 a.m.•69 views

Session Fixation

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/09 12:0 a.m.•69 views

Duplicate of ./go/github.com/KubeOperator/KubePi/CVE-2023-22478.yml

API interfaces with unauthorized access will leak sensitive information via /kubepi/api/v1/systems/operation/logs/search and /kubepi/api/v1/systems/login/logs/search...

7.5CVSS7.1AI score0.03573EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/13 12:0 a.m.•69 views

hutool-json stack overflow vulnerability

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

7.5CVSS4.6AI score0.00943EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/15 12:0 a.m.•69 views

Improper Input Validation

docker2aci = 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...

4CVSS0.9AI score0.00358EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/07/29 12:0 a.m.•68 views

Admidio has Blind SQL Injection in ecard_send.php

Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...

9.9CVSS8.7AI score0.00931EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/24 12:0 a.m.•68 views

ActiveAdmin vulnerable to CSV injection

csvbuilder.rb in ActiveAdmin aka Active Admin before 3.2.0 allows CSV injection...

9.8CVSS7.5AI score0.0095EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/30 12:0 a.m.•68 views

Insecure Default Initialization of Resource

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...

3.6CVSS6.6AI score0.00166EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/22 12:0 a.m.•68 views

Use after free in Animation

The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...

8.8CVSS2.5AI score0.23546EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/15 12:0 a.m.•68 views

Arbitrary Command Injection

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection...

9.8CVSS4.2AI score0.04107EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/06/24 12:0 a.m.•68 views

Information Exposure

An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and password values...

7.5CVSS2.1AI score0.13463EPSS
Exploits2References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/21 12:0 a.m.•67 views

Observable Discrepancy

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS8.6AI score0.00864EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/08/31 12:0 a.m.•67 views

Allocation of Resources Without Limits or Throttling

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

5.5CVSS1.3AI score0.00397EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/07/23 12:0 a.m.•67 views

Denial of service in django

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

5CVSS8AI score0.03024EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/19 12:0 a.m.•66 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.7AI score0.00404EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/08/04 12:0 a.m.•66 views

Deserialization of Untrusted Data

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

9.8CVSS7.5AI score0.01761EPSS
Exploits0References14Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/07 12:0 a.m.•66 views

SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...

7.5CVSS7AI score0.00556EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/24 12:0 a.m.•66 views

Exposure of Sensitive Information to an Unauthorized Actor

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5....

9.9CVSS2.6AI score0.01201EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2026/04/03 12:0 a.m.•65 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/08/05 12:0 a.m.•65 views

CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS7.3AI score0.0127EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/11/12 12:0 a.m.•65 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

7.5CVSS7AI score0.01592EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/12 12:0 a.m.•65 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Alist v3.5.1 is vulnerable to Cross Site Scripting XSS via the bulletin board...

5.4CVSS2.6AI score0.00465EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/02 12:0 a.m.•65 views

Django Admin Media Handler Vulnerable to Directory Traversal

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

5CVSS6.2AI score0.02265EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/10/24 12:0 a.m.•65 views

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

4.3CVSS7.4AI score0.03931EPSS
Exploits2References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/13 12:0 a.m.•65 views

Local File inclusion

A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...

4CVSS6.1AI score0.08809EPSS
Exploits2References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/02/08 12:0 a.m.•64 views

DIRAC's TokenManager does not check permissions on cached tokens

Any user could get a token that has been requested by another user/agent...

9.1CVSS8.3AI score0.00534EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/06 12:0 a.m.•64 views

Use of Hard-coded Credentials

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS9AI score0.69667EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/08 12:0 a.m.•64 views

Path Traversal in Git HTTP endpoints in Gogs

Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...

8.1CVSS1.4AI score0.51136EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/14 12:0 a.m.•64 views

Django Might Allow CSRF Requests via URL Verification

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

5CVSS6.3AI score0.02341EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/05 12:0 a.m.•64 views

Remote Code Execution via unsafe classes in otherwise permitted modules

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS7.5AI score0.02032EPSS
Exploits0References13Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2020/10/27 12:0 a.m.•64 views

Out-of-bounds Write

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS3.4AI score0.5063EPSS
Exploits2References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/09/16 12:0 a.m.•64 views

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...

4.7CVSS3.6AI score0.00199EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/01/13 12:0 a.m.•64 views

Unsafe Query Generation Risk in Ruby on Rails

Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query,...

6.4CVSS2.5AI score0.08245EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/28 12:0 a.m.•63 views

Potential CSV export data leak

Impact In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...

6.5CVSS6.9AI score0.00496EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/24 12:0 a.m.•63 views

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

10CVSS2.5AI score0.01947EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/13 12:0 a.m.•63 views

Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

7.5CVSS2.8AI score0.02832EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/22 12:0 a.m.•64 views

Use after free in Animation

The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...

8.8CVSS2.5AI score0.23546EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/06 12:0 a.m.•63 views

XSS Vulnerability in number_to_currency

The numbertocurrency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack...

4.3CVSS3.3AI score0.03171EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/07/21 12:0 a.m.•62 views

Exposure of Sensitive Information to an Unauthorized Actor

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

7.5CVSS6.7AI score0.00681EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/28 12:0 a.m.•62 views

Cloud Foundry Archiver vulnerable to path traversal

Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.1CVSS4AI score0.01188EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/02 12:0 a.m.•62 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

5.4CVSS3.2AI score0.00682EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/07/26 12:0 a.m.•62 views

Insecure Default Initialization of Resource

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...

8.8CVSS4AI score0.018EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities1518