CLEANSTART-2026-CH77232 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 18.7.1-r0

Multiple security vulnerabilities affect the gitlab-pages-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GitLab 18.2.2 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-9222)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve...

GitLab 8.3 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-10569)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denia...

PT-2026-6978

Name of the Vulnerable Software and Affected Versions GitLab AI Gateway versions 18.1.6 through 18.8.0 Description The GitLab AI Gateway’s Duo Workflow Service component contains a flaw related to improper code generation. This issue allows authenticated attackers to cause a Denial of Service or...

CVE-2025-13761 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially...

CVE-2025-13761 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

GitLab 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...

PT-2026-1797

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 10.3 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 GitLab CE/EE versions 18.7 through 18.7.0 Description GitLab CE/EE is affected by an issue that could allow a user to leak certain information by referencing...

PT-2026-1960

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2.2 through 18.5.4 GitLab CE/EE versions 18.6.0 through 18.6.2 GitLab CE/EE versions 18.7.0 through 18.7.0 Description An issue exists in GitLab CE/EE that allows an authenticated user to achieve stored cross-site...

Apple多款产品 安全漏洞

Apple iOS and others are products of Apple Inc. in the U.S. Apple iOS is an operating system developed for mobile devices. apple iPadOS is an operating system for iPad tablets. apple visionOS is an operating system for AR glasses. A security vulnerability exists in multiple Apple products that...