Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2025/05/21 12:0 a.m.•25 views

Ackites KillWxapkg vulnerable to OS Command Injection

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated...

8.1CVSS6.4AI score0.02343EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/05/16 12:0 a.m.•17 views

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...

6.1CVSS6.8AI score0.00191EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/05/07 12:0 a.m.•16 views

Easy!Appointments Denial of Service (DoS)

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability...

7.5CVSS6.5AI score0.00474EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/05/01 12:0 a.m.•26 views

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...

10CVSS8.1AI score0.00664EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/29 12:0 a.m.•20 views

@account-kit/smart-contracts Allowlist Module Bypass Vulnerability

Allowlist module contains a bypass vulnerability...

7.2AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/21 12:0 a.m.•14 views

Infinite loop condition in Amazon.IonDotnet

Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition...

8.7CVSS6.8AI score0.00545EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/18 12:0 a.m.•28 views

Crawl4AI SSRF vulnerability

Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...

9.1CVSS6.8AI score0.00323EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/18 12:0 a.m.•13 views

Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

9.8CVSS7.6AI score0.01777EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
•added 2025/04/12 12:0 a.m.•147 views

CVE-2025-1386- Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00368EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•14 views

H2O Vulnerable to Execution of Arbitrary Files

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.8AI score0.0033EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•21 views

H2O Vulnerable to Arbitrary File Overwrite via File Export

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6.7AI score0.00693EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•12 views

H2O Vulnerable to Denial of Service (DoS) and File Write

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS7.1AI score0.00636EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•13 views

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•11 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•20 views

H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.9AI score0.01441EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•15 views

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS6.7AI score0.00719EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•15 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

7.5CVSS6.7AI score0.00727EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•51 views

H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

7.5CVSS6.8AI score0.00446EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/20 12:0 a.m.•13 views

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2CVSS6.9AI score0.00514EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/03/03 12:0 a.m.•14 views

Flask-AppBuilder Observable Response Discrepancy

User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login...

5.3CVSS6.9AI score0.00304EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/20 12:0 a.m.•10 views

AutoQueryable leaks sensitive information

An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function...

7.5CVSS7.3AI score0.00499EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/18 12:0 a.m.•38 views

AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass

Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider IdP: the system that authenticates users and provides identity information SAML assertions to the Service Provider, essentially, it is responsible for managing user credentials and...

9.1CVSS7.3AI score0.0056EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/13 12:0 a.m.•11 views

Remote code execution in alextselegidis/easyappointments

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legalsettings parameter...

6.1CVSS7.2AI score0.00507EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/13 12:0 a.m.•16 views

Easy!Appointments Improper Restriction of Excessive Authentication Attempts

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file...

9.8CVSS7AI score0.00801EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/10 12:0 a.m.•6 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/10 12:0 a.m.•9 views

Server-Side Request Forgery (SSRF) in activitypub_federation

This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request...

4CVSS6AI score0.00406EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•12 views

Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS6.8AI score0.00886EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•12 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

6.9AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•8 views

wasmvm: Malicious smart contract can slow down block production

CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...

7AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•5 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

6.9AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/02/04 12:0 a.m.•8 views

wasmvm: Malicious smart contract can slow down block production

CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...

7AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/29 12:0 a.m.•53 views

Deep Java Library path traversal issue

Deep Java Library DJL is an open-source, high-level, engine-agnostic Java framework for deep learning. DJL is designed to be easy to get started with and simple to use for Java developers. DJL provides a native Java development experience and functions like any other regular Java library. DJL...

9.8CVSS9.7AI score0.23267EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/29 12:0 a.m.•16 views

kube-audit-rest's example logging configuration could disclose secret values in the audit log

If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages...

5.1CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/14 12:0 a.m.•14 views

CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/09 12:0 a.m.•10 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

2.1CVSS7.2AI score0.00548EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2025/01/09 12:0 a.m.•14 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

2.1CVSS6.8AI score0.00548EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/19 12:0 a.m.•66 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.7AI score0.00404EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/19 12:0 a.m.•23 views

QOS.CH logback-core Server-Side Request Forgery vulnerability

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files...

2.4CVSS6.8AI score0.00225EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/18 12:0 a.m.•10 views

age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. ...

7.5AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/18 12:0 a.m.•4 views

rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary...

6.1AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/16 12:0 a.m.•26 views

CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

ASA-2024-0012: Transaction decoding may result in a stack overflow When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...

7.4AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/10 12:0 a.m.•18 views

CosmWasm VM Incorrect metering

CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/10 12:0 a.m.•11 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/10 12:0 a.m.•11 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/10 12:0 a.m.•30 views

Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/10 12:0 a.m.•16 views

CosmWasm VM Incorrect metering

CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/12/06 12:0 a.m.•7 views

shared_preferences_android vulnerability

Due to some data types not being natively representable for the available storage options, sharedpreferencesandroid serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code execution. ...

6.1AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/27 12:0 a.m.•19 views

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

4.3CVSS6.6AI score0.00812EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/20 12:0 a.m.•14 views

ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions = math/v1.3.0 Affected users: Chain Builders +...

7AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/11/18 12:0 a.m.•16 views

cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes...

9.8CVSS6.8AI score0.03948EPSS
Exploits6References6Affected Software1
Total number of security vulnerabilities1518