GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE from version 18.4 until...

BIT-GITLAB-2025-12653 Authentication Bypass by Spoofing in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests...

EUVD-2025-199761

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions...

CVE-2025-7449

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

CVE-2025-6195

CVE-2025-6195 : GitLab EE had a fix for an issue that could allow an authenticated user to view information from security reports under certain configuration conditions. The vulnerability affected all GitLab CE/EE versions up to: 13.7 before 18.4.5; 18.5 before 18.5.3; 18.6 before 18.6.1. The rem...

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

Visual Studio 2026 Security Update (18.5.3)

This security update applies to all editions of Visual Studio 2026, and will update client machines on the Stable channel to version 18.5.3. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update ...