gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create a large Issue description via GraphQL, ...
August 10, 2023
## Summary: By tampering with the POST request to the endpoint CreateOrUpdateSo5LineupMutation while editing a team you can change all football players to have the captain attribute to 'true'. This g ...
August 02, 2023
As part of **Checkmarx's mission** to help organizations develop and dep ...
July 28, 2023
directus is vulnerable to Improper Permission Checks. The vulnerability exists because the permission filters such as `user_created IS $CURRENT_USER` are not properly checked in the library when using ...
July 28, 2023
I made a report and patch at https://hackerone.com/reports/1696752. https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 > There is a possible D ...
July 27, 2023
gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create large issue descriptions via GraphQL, ...
July 27, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
July 26, 2023
### Summary CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Access to information you should not have access to when the permissions rely on `$CURRENT_USER` for filtering. ### Deta ...
July 26, 2023