Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.5AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5296

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

4.3CVSS5.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...

6.5CVSS5.5AI score0.00471EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.19 views

GitLab 18.8 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-4868)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-4868 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 6:6 a.m.8 views

BIT-GITLAB-2025-12669 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.8 views

CVE-2026-4524

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper...

6.5CVSS5.8AI score0.00291EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 6:16 a.m.7 views

UBUNTU-CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 5:38 a.m.198 views

CVE-2025-12669

GitLab CVE-2025-12669 affects GitLab CE/EE versions 15.11 up to before 18.9.7, 18.10 up to before 18.10.6, and 18.11 up to before 18.11.3. The issue arises from improper input sanitization, allowing an authenticated user to inject HTML and JavaScript into email notifications sent to other users. ...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/14 5:38 a.m.13 views

EUVD-2025-209834

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/14 5:37 a.m.8 views

CVE-2026-1184

Removed by vendor...

7.5CVSS5.8AI score0.00331EPSS
Exploits0
EUVD
EUVD
added 2026/05/14 5:36 a.m.13 views

EUVD-2026-30225

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 5:35 a.m.10 views

CVE-2026-3607 Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/14 5:35 a.m.21 views

CVE-2026-3607

Removed by vendor...

4.3CVSS5.8AI score0.00228EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/14 5:33 a.m.43 views

CVE-2026-6335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS0.00192EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 5:33 a.m.31 views

CVE-2026-6335

GitLab CVE-2026-6335 affects GitLab CE/EE versions prior to 18.11.3. The issue stems from improper sanitization that under certain conditions could allow an authenticated user to run arbitrary code in another user’s browser session. GitLab released a patch (18.11.3) to remediate the vulnerability...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.14 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-40862

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper access control allows an unauthenticated user to download private debugging symbols from...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 18.3 to 18.9.7, 18.10...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.16 views

GitLab 18.8 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-7471)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Server-Side Request Forgery SSRF in GitLab CVE-2026-7471 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 809...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References4
Rows per page
Query Builder