GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This affects the package passport before 0.6.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.