Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2025/10/22 12:0 a.m.8 views

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a...

7.2CVSS8.2AI score0.00395EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/22 12:0 a.m.9 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/20 12:0 a.m.12 views

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless bearer...

6.6AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/16 12:0 a.m.11 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8CVSS7.8AI score0.02079EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/15 12:0 a.m.38 views

gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also allowed zer...

9.8CVSS8.4AI score0.00844EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/15 12:0 a.m.12 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/10 12:0 a.m.24 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

6.5CVSS6.9AI score0.00213EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/09 12:0 a.m.8 views

Amazon.IonDotnet is vulnerable to Denial of Service attacks

Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receiv...

8.7CVSS6.8AI score0.00403EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/07 12:0 a.m.9 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/07 12:0 a.m.12 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/01 12:0 a.m.11 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

7CVSS7.3AI score0.00181EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/26 12:0 a.m.9 views

Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

6.5CVSS8.7AI score0.00315EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/22 12:0 a.m.9 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.3AI score0.00839EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.8 views

Dragonfly vulnerable to server-side request forgery

There are multiple server-side request forgery SSRF vulnerabilities in the DragonFly2 system. The vulnerabilities enable users to force DragonFly2’s components to make requests to internal services, which otherwise are not accessible to the users. One SSRF attack vector is exposed by the Manager’...

6.9CVSS6.8AI score0.00231EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.9 views

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

The Manager disables TLS certificate verification in two HTTP clients figures 3.1 and 3.2. The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthTokenctx context.Context, header http.Header string, error skipped client := &http.Client Timeout:...

6.9CVSS6.7AI score0.00159EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.29 views

Dragonfly incorrectly handles a task structure’s usedTrac field

The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the...

7.5CVSS7AI score0.00331EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.84 views

Dragonfly's directories created via os.MkdirAll are not checked for permissions

DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path already exists. This allows a local attacker to create a directory to be used later by DragonFly2 with broa...

5.1CVSS6.7AI score0.00106EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.10 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.61 views

DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. golang...

6.9CVSS7.1AI score0.00293EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.10 views

DragonFly vulnerable to arbitrary file read and write on a peer machine

A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote co...

9.8CVSS8.3AI score0.0068EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.11 views

DragonFly's manager generates mTLS certificates for arbitrary IP addresses

A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the pee...

8.7CVSS7.2AI score0.00219EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.9 views

DragonFly has weak integrity checks for downloaded files

The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any scenarios...

6.9CVSS6.8AI score0.00152EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.13 views

DragonFly's tiny file download uses hard coded HTTP protocol

The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak integrity...

6.9CVSS7AI score0.0013EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.8 views

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoi...

9.1CVSS7AI score0.00361EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/11 12:0 a.m.13 views

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/26 12:0 a.m.9 views

Easy!Appointments SQL injection vulnerability

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...

8.1CVSS8.5AI score0.00333EPSS
Exploits2References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/21 12:0 a.m.16 views

hippo4j Includes Hard Coded Secret Key in JWT Creation

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...

8.8CVSS7.5AI score0.00325EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/20 12:0 a.m.8 views

Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7....

5.4CVSS6AI score0.002EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/19 12:0 a.m.9 views

Default Credentials in nginx-defender Configuration Files

This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml, docker-compose.yml contain default credentials defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123. If users deploy nginx-defender without changing these defaults,...

6.5CVSS7.3AI score0.00223EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/14 12:0 a.m.38 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

7.4AI score0.02388EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/13 12:0 a.m.28 views

swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability

The HTTP/2 MadeYouReset vulnerability has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not...

7.2AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.10 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...

9.8CVSS7.8AI score0.00593EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.5 views

ExecuTorch heap buffer overflow vulnerability

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...

9.8CVSS6.7AI score0.00664EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.5 views

ExecuTorch out-of-bounds access vulnerability

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.7 views

ExecuTorch vulnerable to Heap-based Buffer Overflow

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...

9.8CVSS6.7AI score0.00664EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.5 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.7 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.8 views

ExecuTorch heap buffer overflow vulnerability

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...

9.8CVSS7.9AI score0.00664EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.8 views

ExecuTorch out-of-bounds access vulnerability

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...

9.8CVSS7.6AI score0.00593EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.10 views

ExecuTorch vulnerable to Heap-based Buffer Overflow

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...

9.8CVSS8AI score0.00664EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.8 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

9.8CVSS7.8AI score0.00593EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/04 12:0 a.m.25 views

The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

10CVSS7.7AI score0.00468EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/01 12:0 a.m.11 views

1Panel agent certificate verification bypass leading to arbitrary command execution

First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows you to control other hosts by adding nodes. - The HTTPS protocol used for communication between the Core and Agent sides did not fully verify the...

9.8CVSS7.2AI score0.00901EPSS
Exploits5References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/21 12:0 a.m.7 views

Alchemy Non-SMA and Webauthn Account Security Advisory

A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted...

7.2AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/18 12:0 a.m.11 views

apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache...

7CVSS6.4AI score0.00118EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/18 12:0 a.m.59 views

melange's world-writable permissions expose SBOM files to potential image tampering

It was discovered that the SBOM files generated by melange in apks had file system permissions mode 666: $ apkrane ls https://packages.wolfi.dev/os/x8664/APKINDEX.tar.gz -P hello-wolfi --full --latest | xargs wget -q -O - | tar tzv 2/dev/null var/lib/db/sbom drwxr-xr-x root/root 0 2025-06-23 14:1...

4.4CVSS6.3AI score0.00125EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/11 12:0 a.m.8 views

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1CVSS7.3AI score0.00351EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/11 12:0 a.m.7 views

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1CVSS6.2AI score0.00351EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/06/11 12:0 a.m.11 views

CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error

CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...

6.9AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/05/21 12:0 a.m.15 views

Ackites KillWxapkg Zip Bomb Resource Exhaustion

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...

3.1CVSS6.7AI score0.0036EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities1518