38196 matches found
Directory Traversal
GitLab is vulnerable to a directory traversal. The vulnerability occurs because GitLab does not properly validate the URL of a webhook. An attacker can exploit this vulnerability by creating a malicious webhook with a URL that contains a crafted directory traversal sequence. This will cause GitLa...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to insufficient validation of branch names when importing a project. An authenticated and authorized user can exploit this vulnerability to import a project with a malicious branch name that contains 40 hexadecimal...
Cross-Site Scripting (XSS)
gitlab is vulnerable to a cross-site scripting (XSS) vulnerability. This vulnerability occurs due to improper neutralization of input during web page generation. An attacker can exploit this vulnerability by creating a malicious Jupyter notebook that contains a crafted tag. When a victim views the...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles large repositories. An attacker can exploit this vulnerability to cause GitLab to exhaust its memory resources, resulting in a denial of service...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles group and project visibility. An attacker can exploit this vulnerability to change the visibility of a group or project, even if they are not the owner of the group or project...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles subgroup permissions. An attacker can exploit this vulnerability to gain access to the members list of a parent group, even if they are only a member of the subgroup. This can be...
Cross-site Scripting (XSS)
dokuwiki is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the RSS titles, which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
firefox is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way that Firefox handles data: URLs. An attacker can exploit this vulnerability to load a malicious document in the same process as a trusted document, bypassing the site-isolation protection...
Remote Code Execution (RCE)
firefox and thunderbird are vulnerable to Remote Code Execution (RCE). These vulnerabilities occur due to improper handling of memory in the Firefox web browser. An attacker can exploit these vulnerabilities to crash Firefox or execute arbitrary code...
Remote Code Execution (RCE)
firefox is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to improper handling of memory in the WebRender component. An attacker can exploit this vulnerability to crash Firefox or execute arbitrary code...
Denial Of Service (DoS)
firefox and thunderbird are vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a missing activation delay on the error page for sites with invalid TLS certificates. An attacker can exploit this vulnerability by creating a malicious website that contains a crafted iframe...
Remote Code Execution (RCE)
SABnzbd is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a design flaw in the Notification Script functionality. An attacker can exploit this vulnerability by sending a specially crafted request to the SABnzbd web interface. This can be used to execute arbitrary code o...
Remote Code Execution (RCE)
redis is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that Redis handles cJSON and cmsgpack libraries. An attacker can exploit this vulnerability to cause Redis to crash or to execute arbitrary code...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that GitLab handles group SAML SSO. An attacker can exploit this vulnerability to invite arbitrary users to a group, and then change the user's email address to an attacker-controlled address. Th...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles confidential notes. An attacker can exploit this vulnerability to view confidential notes that they are not authorized to see...
Remote Code Execution (RCE)
redis is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that Redis handles key names. An attacker can exploit this vulnerability to cause Redis to crash or to execute arbitrary code...
Cross-site Scripting (XSS)
odoo is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through maliciously crafted links...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles malicious text in the CI Editor and CI Pipeline details page. An attacker can exploit this vulnerability to cause GitLab to consume excessive CPU and memory resources,...
Remote Code Execution (RCE)
mediawiki is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that MediaWiki handles file uploads. An attacker can exploit this vulnerability to bypass file upload restrictions, which could allow them to upload malicious files to the MediaWiki server...
Remote Code Execution (RCE)
virtualbox is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that Oracle VM VirtualBox handles RDP connections. An attacker can exploit this vulnerability to execute arbitrary code on the victim's system...
Denial Of Service (DoS)
virtualbox is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a flaw in the way that Oracle VM VirtualBox handles shared folders. An attacker can exploit this vulnerability to cause a hang or frequently repeatable crash to the victim's system...
Denial Of Service (DoS)
virtualbox is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a flaw in the way that Oracle VM VirtualBox handles macro policies. An attacker can exploit this vulnerability to bypass macro security policies, which could allow them to crash the system...
Authorization Bypass
openjfx is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that JavaFX handles image files. An attacker can exploit this vulnerability to execute arbitrary code on a vulnerable system...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles invited group members. An attacker can exploit this vulnerability to gain access to a project even if they have not been invited to the project. This can be used to gain access t...
Cross-Site Scripting (XSS)
GitLab is vulnerable to Cross-Site Scripting (XSS). This vulnerability occurs due to a flaw in the way that GitLab handles the DataDog integration configuration. An attacker can exploit this vulnerability to inject malicious code into a project's DataDog configuration, which can then be executed by...
Privilege Escalation
gitlab is vulnerable to Privilege Escalation. This vulnerability occurs due to a flaw in the way that GitLab handles project tokens. An attacker with the "Maintainer" role on any project can exploit this vulnerability to gain the "Internal" role on the same project, which grants them elevated...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles Jira Connect Namespaces. An attacker can exploit this vulnerability to add or remove Jira Connect Namespaces, even if they do not have the required permissions. This can be used ...
Cross-Site Scripting (XSS)
GitLab is vulnerable to Cross-Site Scripting (XSS). This vulnerability occurs due to a flaw in the way that OrchardCore handles the rendering of HTML templates. An attacker can exploit this vulnerability to inject malicious code into a project's HTML templates, which can then be executed by other...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles the /user.keys route. An attacker can exploit this vulnerability to enumerate the usernames of users on the GitLab server, even if the users have not made their usernames public...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles the project import/export feature. An attacker can exploit this vulnerability to obtain the private email addresses of users who have exported their projects...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles guest user permissions. An attacker can exploit this vulnerability to inject and execute malicious JavaScript in the victim's browser...
Improper Authorization
gitlab is vulnerable to Improper Authorization. An attacker can view and delete impersonation tokens that administrators create...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles Git over SSH. An attacker can exploit this vulnerability to impersonate any user on the GitLab server, including users with administrative privileges...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability allows an attacker in private projects to view CI/CD analytics...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists in the Webhook feature in the library, which allows an attacker to cause an application crash...
Improper Input Validation
gitlab is vulnerable to Improper Input Validation. The vulnerability exists in the commit author of the library, which allows an attacker to make several pages in a project impossible to view...
Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. The vulnerability exists under specialized conditions, which allows an attacker to use an invite URL meant for another email address to gain access to a group...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can inject and execute malicious JavaScript through a maliciously crafted default branch name...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to insufficient input sanitization in Mermaid markdown of the library, allowing an attacker to inject and execute malicious JavaScript...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles metadata when creating new issues. An attacker can exploit this vulnerability to insert arbitrary metadata into an issue, which can then be used to track users or perform other...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles OAuth subscriptions. An attacker can exploit this vulnerability to generate OAuth tokens for incorrect OAuth client applications...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles impersonation tokens. An attacker can exploit this vulnerability to perform Git actions even if impersonation is disabled...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles issue descriptions. An attacker can exploit this vulnerability to inject malicious code into an issue description, which can then be executed by other users when they...
HTML Injection
gitlab is vulnerable to HTML injection. This vulnerability occurs due to a flaw in the way that GitLab handles the full name field. An attacker can exploit this vulnerability to inject malicious code into a project's description...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles design images. An attacker can exploit this vulnerability to inject and execute malicious JavaScript in the victim's browser...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a flaw in the way that GitLab handles specially crafted usernames. An attacker can exploit this vulnerability to cause GitLab to reject access to a user's profile page...
Code Injection
gitlab is vulnerable to Code Injection. The vulnerability exists due to the improper code rendering while rendering merge requests, which allows an attacker to inject and execute malicious code...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a project fork done by a project member...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles GraphQL queries. An attacker can exploit this vulnerability to access project details that they are not authorized to see...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). An attacker can send a malicious link to a victim and trigger actions on their behalf if they click it...