CVE

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.

Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.

Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.

Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.