Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2022/07/13 12:0 a.m.521 views

Incorrect Authorization

All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...

9CVSS6.3AI score0.01237EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/04 12:0 a.m.222 views

apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the sanitizePath...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/10/12 12:0 a.m.175 views

Use of a Broken or Risky Cryptographic Algorithm

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...

8.1CVSS2.8AI score0.00394EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/10/25 12:0 a.m.163 views

SaToken privilege escalation vulnerability

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...

9.8CVSS7.5AI score0.00964EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/04/12 12:0 a.m.147 views

CVE-2025-1386- Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00368EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.134 views

CasaOS-UserService allows unauthorized access to any file

Summary http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the url of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details Construct paths to get any file. Such as the CasaOS user database,...

9.8CVSS6.8AI score0.00971EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/25 12:0 a.m.127 views

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c...

5.5CVSS5.8AI score0.00328EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.122 views

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

10CVSS2.5AI score0.01947EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/04/21 12:0 a.m.121 views

Observable Discrepancy

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

7.5CVSS7.2AI score0.00864EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/17 12:0 a.m.116 views

Uncontrolled Resource Consumption

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

7.5CVSS3.7AI score0.01492EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.116 views

Improper Validation of Array Index

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...

7.5CVSS2.2AI score0.02677EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/09 12:0 a.m.114 views

Improper Control of Generation of Code ('Code Injection')

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

8.8CVSS1.5AI score0.01406EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/07/01 12:0 a.m.113 views

ag-grid packages vulnerable to Prototype Pollution

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

6.3CVSS8.1AI score0.00827EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/28 12:0 a.m.112 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...

9.8CVSS3.3AI score0.97839EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/07 12:0 a.m.106 views

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS7.8AI score0.00784EPSS
Exploits0References16Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.106 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...

6.5CVSS3.6AI score0.01312EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.102 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/28 12:0 a.m.101 views

api-platform/core's secured properties may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

7.7CVSS6.2AI score0.00604EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.99 views

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server...

9.8CVSS9.5AI score0.00977EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/07 12:0 a.m.99 views

Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware

Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...

7.5CVSS6.9AI score0.0189EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/28 12:0 a.m.99 views

Incorrect Resource Transfer Between Spheres

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

7.2CVSS2.2AI score0.00724EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/21 12:0 a.m.97 views

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...

8.3CVSS4.8AI score0.00894EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/11 12:0 a.m.97 views

Use of a Broken or Risky Cryptographic Algorithm

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS2.4AI score0.00231EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/11 12:0 a.m.95 views

Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings...

8.8CVSS7.4AI score0.04088EPSS
Exploits2References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/07/18 12:0 a.m.95 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS8.2AI score0.05354EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/01/23 12:0 a.m.94 views

MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

MITM can enable Zip-Slip...

8.1CVSS7.6AI score0.01166EPSS
Exploits1References6
GitLab Advisory Database
GitLab Advisory Database
added 2023/01/09 12:0 a.m.94 views

Duplicate of ./go/github.com/KubeOperator/KubeOperator/CVE-2023-22480.yml

API interfaces with unauthorized access will leak sensitive information via /api/v1/clusters/kubeconfig/...

9.8CVSS8.7AI score0.66768EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/22 12:0 a.m.93 views

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256...

2.7CVSS3.2AI score0.00676EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/11 12:0 a.m.93 views

Use of a Broken or Risky Cryptographic Algorithm

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

5.6CVSS3.8AI score0.00348EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/01 12:0 a.m.93 views

Observable Response Discrepancy in Flask-AppBuilder

User enumeration in database authentication in Flask-AppBuilder 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in...

5.3CVSS5AI score0.00953EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/10/05 12:0 a.m.93 views

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

Cobbler before 3.3.0 allows authorization bypass for modification of settings...

7.5CVSS8.5AI score0.01307EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/30 12:0 a.m.93 views

Improper Handling of Case Sensitivity

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

8.3CVSS0.5AI score0.01176EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/01/23 12:0 a.m.92 views

MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

MITM can enable Zip-Slip...

8.1CVSS7.6AI score0.01166EPSS
Exploits1References6
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/21 12:0 a.m.92 views

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

4.3CVSS0.1AI score0.00827EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/04 12:0 a.m.91 views

Flask-AppBuilder's login form allows browser to cache sensitive fields

Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources...

5.5CVSS6.6AI score0.00262EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.91 views

1Panel open source panel project has an unauthorized vulnerability.

The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL allowing the first intercepted packet through Burp, the following is displayed: It is found that...

6.3CVSS4.9AI score0.00471EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/07/12 12:0 a.m.91 views

Improper Certificate Validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

9.6CVSS1.7AI score0.00763EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/21 12:0 a.m.91 views

Incorrect Default Permissions in Cobbler

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

7.1CVSS6.5AI score0.00311EPSS
Exploits0References13Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/06/02 12:0 a.m.90 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate these...

6.1CVSS6.5AI score0.00349EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/09 12:0 a.m.89 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS5.9AI score0.00643EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/09 12:0 a.m.89 views

Uncontrolled Resource Consumption in LengthPrefixedMessageReader

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service...

7.5CVSS6.6AI score0.02082EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/11/23 12:0 a.m.89 views

Improper Certificate Validation

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

8.8CVSS2.2AI score0.00375EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/06 12:0 a.m.88 views

Gitea Cross-site Scripting Vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0...

10CVSS6.6AI score0.40321EPSS
Exploits3References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/10/19 12:0 a.m.88 views

Deserialization of Untrusted Data

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

9.8CVSS5.5AI score0.02351EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/21 12:0 a.m.88 views

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

4.3CVSS0.1AI score0.00827EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/27 12:0 a.m.87 views

Cross site scripting in Angular

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

5.4CVSS2.2AI score0.01053EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.86 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

4.3CVSS5.9AI score0.0288EPSS
Exploits2References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.85 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/09 12:0 a.m.85 views

DIRAC: Unauthorized users can read proxy contents during generation

During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short...

8.1CVSS7.1AI score0.00317EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/04/01 12:0 a.m.85 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...

9.8CVSS3.1AI score0.01818EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities1518