Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-44442

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 9:11 p.m.36 views

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:11 p.m.9 views

EUVD-2026-30195

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:11 p.m.8 views

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-3509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 befo...

5.4CVSS5.5AI score0.00322EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-1451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lea...

8.7CVSS7.9AI score0.51467EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/03 12:0 a.m.31 views

GitLab 16.1 < 16.7.6 / 16.8 < 16.8.3 / 16.9 < 16.9.1 (CVE-2024-1525)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Unde...

5.3CVSS5.7AI score0.00453EPSS
Exploits0References3
Prion
Prion
added 2024/02/22 12:15 a.m.24 views

Privilege escalation

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admingroupmember permission, they may be able to make a group...

5.8CVSS6.7AI score0.00525EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/02/22 12:15 a.m.24 views

Default credentials

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their...

2.1CVSS7.1AI score0.00453EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/22 12:15 a.m.6 views

UBUNTU-CVE-2024-0861

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions...

4.3CVSS5.7AI score0.00404EPSS
Exploits0References4
OSV
OSV
added 2024/02/22 12:15 a.m.4 views

UBUNTU-CVE-2024-0410

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...

7.7CVSS5.8AI score0.00455EPSS
Exploits0References4
OSV
OSV
added 2024/02/22 12:15 a.m.2 views

UBUNTU-CVE-2023-6477

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admingroupmember permission, they may be able to make a group...

6.7CVSS5.7AI score0.00525EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.24 views

CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References3
NCSC
NCSC
added 2024/02/22 12:0 a.m.29 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Circumvention o...

8.7CVSS6.5AI score0.51467EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.17 views

CVE-2024-1451

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."...

8.7CVSS7.2AI score0.51467EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/21 11:31 p.m.31 views

CVE-2023-6477

Removed by vendor...

6.7CVSS6.6AI score0.00525EPSS
Exploits0
OSV
OSV
added 2024/02/21 11:31 p.m.16 views

CVE-2023-6477 Incorrect Privilege Assignment in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admingroupmember permission, they may be able to make a group...

6.7CVSS6.4AI score0.00525EPSS
Exploits0References5
OSV
OSV
added 2024/02/21 11:30 p.m.21 views

CVE-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...

7.7CVSS7.4AI score0.00455EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/02/21 11:30 p.m.30 views

CVE-2024-0410

Removed by vendor...

7.7CVSS7.1AI score0.00455EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/21 12:0 a.m.25 views

GitLab 12.0 < 16.7.6 / 16.8 < 16.8.3 / 16.9 < 16.9.1 (CVE-2023-4895)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This...

4.3CVSS5.2AI score0.00376EPSS
Exploits0References4
Rows per page
Query Builder