Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer – WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication…

Cross-site request forgery (CSRF) vulnerability in WPCS – WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified…

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf…

An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql. Devamını Oku

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of…

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE Devamını Oku

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. Devamını Oku

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 Devamını…

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. Devamını Oku

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin…