CVE CyberSecurity Database News (Page 519)

Nov 26, 2024 API Exploit

CVE-2024-8114 - Critical Privilege Escalation in GitLab via Compromised Personal Access Token (PAT)

In the ongoing mission to make software more secure, vulnerabilities are inevitable in even the most trusted platforms. On June 24, 2024, GitLab issued a

Nov 26, 2024 API Exploit

CVE-2024-11828 - How a GitLab Regression Opened Doors to API Denial-of-Service Attacks

--- Introduction A new denial of service (DoS) vulnerability, known as CVE-2024-11828, was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). The issue

Nov 26, 2024

CVE-2024-11668 - How GitLab’s Long-Lived Connections Bypassed Authentication and What It Means for You

On May 2, 2024, a serious security flaw—CVE-2024-11668—was disclosed by GitLab regarding long-lived connections, affecting various versions of the popular GitLab Community (CE)

Nov 26, 2024 API Exploit

CVE-2024-52008 - Critical Weak Password Vulnerability in Fides User Invite API

Fides is a popular open-source privacy engineering platform, widely praised for helping organizations automate and manage privacy operations. In June 2024, a serious security issue

Nov 26, 2024 API Exploit

CVE-2024-52336 - Tuned D-Bus Local Privilege Escalation via `instance_create()` Script Injection

A new vulnerability tagged as CVE-2024-52336 affects the popular system tuning tool, Tuned. This weakness allows a simple local user to run code as root—