The host is installed with GitLab CE/EE 7.14 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to inject HTML in an email address field.

The host is installed with GitLab CE/EE 13.10 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an authorization bypass through user-controlled key. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow users to view new commits to private projects in a fork created while the project was public.

The host is installed with GitLab EE 15.10 before 15.10.5, 15.11 before 15.11.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in OpenID Connect. Successful exploitation could allow users who are marked as 'external' to become 'regular' users, thus leading to privilege escalation for those users.

The host is installed with GitLab CE/EE 15.9 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a stored XSS vulnerability. A flaw is present in the application, which fails to properly handle a user interaction with a crafted URL in the WebIDE beta. Successful exploitation could allow attackers to trigger a stored XSS vulnerability.

The host is installed with SpringSource Spring Framework 6.0.0 through 6.0.6 or 5.3.0 through 5.3.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a regex pattern in Spring Security configuration. On successful exploitation, using "**" as a pattern in Spring Security configuration with the 'mvcRequestMatcher' creates a mismatch ...

The host is installed with SpringSource Spring Framework before 5.2.23, 6.0.0 through 6.0.6 or 5.3.0 through 5.3.26 and is prone to a Spring Expression denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, it is possible for a user to provide a specially crafted SpEL expression that may cause ...

© SecPod Technologies