Writeup Exploits
60,918 exploits tracked across all sources.
GitLab CE/EE <15.1.6-15.3.2 - Authenticated XSS
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.
CVSS 7.3
GitLab <15.1.6-15.3.2 - Auth Bypass
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
CVSS 6.5
GitLab < 15.1.6, 15.2 < 15.2.4, 15.3 < 15.3.2 - Authenticated Denial of Service via Snippet Description Length
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
CVSS 6.5
QEMU 6.2.0 - Memory Leak via Virtio-Net Device Error Handling
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVSS 7.5
QEMU <= 6.2.0 - Memory Leak in vhost-vsock Error Handling
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVSS 3.2
Tildeslash Monit <5.31.0 - Privilege Escalation
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVSS 8.8
GitLab CE/EE <15.2.4-15.3.2 - Info Disclosure
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
CVSS 4.3
SpringBlade <= 3.2.0 - SQL Injection via customSqlSegment
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVSS 9.8
GitLab <12.9.8, <12.10.7, <13.0.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
CVSS 2.7
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - XSS
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVSS 7.3
universis-api < 1.2.1 - Authenticated SQL Injection via $select Parameter
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.
CVSS 8.1
GitLab 10.7-15.1.4, 15.2-15.2.2, 15.3 - Denial of Service via Commit Message Field
A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field.
CVSS 4.3
GitLab < 15.1.6, 15.2-15.2.4, 15.3-15.3.2 - Denial of Service via Malformed Issue Description
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
CVSS 7.5
libtiff < 4.4.0 - Out-of-bounds Read in extractImageSection
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
CVSS 5.5
libtiff < 4.4.0 - Out-of-bounds Read in extractImageSection
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
CVSS 5.5
QEMU 4.2.0-7.0.0 - Denial of Service via Tulip DMA Reentrancy
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVSS 7.8
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - Info Disclosure
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
CVSS 4.3
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - Info Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.
CVSS 3.7
GitLab CE/EE <12.7 - Info Disclosure
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests
CVSS 7.3
GitLab <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
CVSS 5.4
GitLab CE/EE <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
CVSS 6.5
QEMU 6.1.0-7.0.0 - Denial of Service via VNC ClientCutText Message Integer Underflow
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVSS 6.5
Wireshark 3.4.0-3.4.15 and 3.6.0-3.6.7 - Denial of Service via F5 Ethernet Trailer Dissector Infinite Loop
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
CVSS 6.3
GitLab 12.4-15.6.6, 15.7-15.7.5, 15.8-15.8.0 - Authenticated Denial of Service via Large Issue Description
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
CVSS 6.5
hunter2 < 2.1.0 - Authenticated Cleartext Storage of Sensitive Information via Auto-Completion Input
An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses
CVSS 6.5
By Source