Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2024/06/07 12:0 a.m.43 views

aimeos-core arbitrary file uopload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.7AI score
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/10 12:0 a.m.43 views

Incorrect Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may caus...

6.5CVSS6.9AI score0.00382EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/07/17 12:0 a.m.43 views

Authorization Bypass Through User-Controlled Key

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS7AI score0.00374EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/23 12:0 a.m.43 views

Admidio Improper Access Control vulnerability

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9...

5.9CVSS7AI score0.00415EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/07 12:0 a.m.43 views

Improper Input Validation in etcd

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5CVSS2.9AI score0.01291EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/06 12:0 a.m.43 views

Insertion of Sensitive Information into Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS1.2AI score0.00512EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/28 12:0 a.m.43 views

YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

5.5CVSS4.3AI score0.00415EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/10/11 12:0 a.m.43 views

Cross-Site Request Forgery (CSRF)

In AdGuardHome, versions v0.95 through v0.108.0-b.13 is vulnerable to Cross-Site Request Forgery CSRF, in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules...

5.4CVSS5AI score0.0027EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/08/18 12:0 a.m.43 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

5CVSS5.4AI score0.00559EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/07/15 12:0 a.m.43 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

7.9CVSS2.8AI score0.01431EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/03 12:0 a.m.43 views

Server-Side Request Forgery in gogs webhook

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...

8.3CVSS2.7AI score0.01193EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/23 12:0 a.m.43 views

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1CVSS2.7AI score0.0086EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/22 12:0 a.m.43 views

Access control bypass in beego

The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...

9.8CVSS5.4AI score0.21573EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2019/11/12 12:0 a.m.43 views

Loop with Unreachable Exit Condition (Infinite Loop)

Istio allows Denial of Service because continueonlistenerfilterstimeout is set to True...

7.5CVSS2.9AI score0.01214EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2019/09/16 12:0 a.m.43 views

Incorrect Default Permissions

The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...

5.5CVSS3.9AI score0.00362EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2016/06/07 12:0 a.m.43 views

Security Misconfiguration Vulnerability

There's an improper default directory umask that can potentially allow unauthorized modifications of PHP code...

7.8CVSS3.7AI score0.00381EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2013/03/19 12:0 a.m.43 views

XSS vulnerability in sanitize_css in Action Pack

Carefully crafted text can bypass the sanitization provided in the sanitizecss method in Action Pack...

4.3CVSS2.9AI score0.0264EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2013/03/19 12:0 a.m.43 views

XSS Vulnerability in the `sanitize` helper

The sanitize helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious...

4.3CVSS0.8AI score0.01868EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.42 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/05 12:0 a.m.42 views

RobotsAndPencils go-saml authentication bypass vulnerability

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

7.5CVSS7AI score0.00559EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/06/25 12:0 a.m.42 views

Aimeos HTML client may potentially reveal sensitive information in error log

Debug information can reveal sensitive information from environment variables in error log...

8.8CVSS6.5AI score0.0051EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/28 12:0 a.m.42 views

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. Impacted...

6.1CVSS4.7AI score0.00567EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/11/22 12:0 a.m.42 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/10/16 12:0 a.m.42 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.2AI score0.01364EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/15 12:0 a.m.42 views

Improper Restriction of XML External Entity Reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

7.5CVSS7AI score0.00726EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/28 12:0 a.m.42 views

yaml package for Go can consume excessive amounts of CPU or memory

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS4AI score0.017EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/05 12:0 a.m.42 views

Deserialization of Untrusted Data

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS3.5AI score0.02386EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/11/01 12:0 a.m.42 views

phpCAS vulnerable to Service Hostname Discovery Exploitation

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS1.1AI score0.01064EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/10/14 12:0 a.m.42 views

Missing Release of Resource after Effective Lifetime

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS4AI score0.01428EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/09/06 12:0 a.m.42 views

Out-of-bounds Write

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...

7.8CVSS4.3AI score0.00508EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/09/06 12:0 a.m.42 views

Improper Input Validation

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

7.5CVSS3.5AI score0.00988EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/24 12:0 a.m.42 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OFFIS DCMTK's All versions prior to 3.6.7 service class provider SCP is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution...

9.8CVSS6.4AI score0.02913EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.42 views

Uncontrolled Resource Consumption

Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8CVSS3.5AI score0.83433EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.42 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

6.1CVSS6.9AI score0.00799EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/05 12:0 a.m.42 views

Django Data leakage via admin history log

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information...

4CVSS5.8AI score0.01805EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/04/06 12:0 a.m.42 views

Improper Link Resolution Before File Access ('Link Following')

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

7.8CVSS5.4AI score0.00432EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/22 12:0 a.m.42 views

Use after free in Animation

Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available...

8.8CVSS1.7AI score0.23546EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.42 views

Improper Authentication

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 is vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remote...

8.1CVSS4.7AI score0.04031EPSS
Exploits0References13Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.42 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type...

6.5CVSS1.6AI score0.01631EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/09/14 12:0 a.m.42 views

Cross-site Scripting

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego via the URI path in an HTTP request, which is activated by administrators viewing the Request Statistics page...

6.1CVSS2AI score0.00795EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/16 12:0 a.m.42 views

Path Traversal

bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...

9.1CVSS1.8AI score0.00918EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/13 12:0 a.m.42 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

5.9CVSS6.7AI score0.01522EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/24 12:0 a.m.42 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...

6.5CVSS3.6AI score0.01517EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/18 12:0 a.m.42 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS3AI score0.25939EPSS
Exploits2References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/03/11 12:0 a.m.42 views

Improper Link Resolution Before File Access

When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled...

5.3CVSS1.2AI score0.02622EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2020/12/02 12:0 a.m.42 views

Access of Resource Using Incompatible Type ('Type Confusion')

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.9AI score0.48574EPSS
Exploits3References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/07/10 12:0 a.m.42 views

Uncontrolled Resource Consumption

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...

7.5CVSS1.9AI score0.048EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/18 12:0 a.m.41 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/21 12:0 a.m.41 views

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

A user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacker who already stole a JWT can continue reading and modifying protected resources...

8.6CVSS5.7AI score0.00274EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/22 12:0 a.m.41 views

Arbitrary Code Execution in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...

7.2CVSS7.3AI score0.95432EPSS
Exploits12References14Affected Software1
Total number of security vulnerabilities1518