Lucene search
K

66 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 5:34 a.m.11 views

CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/14 5:33 a.m.19 views

CVE-2026-7481

GitLab CVE-2026-7481 affects GitLab Enterprise Edition (EE) across all 16.4–18.x lines prior to specific patch releases. The issue is a Cross-site Scripting (XSS) flaw caused by improper input sanitization that could allow an authenticated user with developer-role permissions to cause arbitrary J...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40878

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper input sanitization allows an authenticated user with developer-role permissions to execute arbitrary...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/09 12:32 a.m.3 views

EUVD-2026-20795

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS5.9AI score0.00311EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 11:16 p.m.12 views

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS0.00311EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/08 10:25 p.m.7 views

CVE-2026-1752

Removed by vendor...

4.3CVSS5.8AI score0.00311EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.5 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

4.6CVSS5.5AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 12:16 p.m.4 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

4.6CVSS0.00162EPSS
Exploits0References3
OSV
OSV
added 2026/02/11 12:16 p.m.3 views

UBUNTU-CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

4.6CVSS5.8AI score0.00162EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.6 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Prior to GitLab CE/EE 18.8.4, there was a security vulnerability. This...

4.6CVSS5.9AI score0.00162EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.3 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

4.6CVSS5.9AI score0.00162EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/09 8:35 a.m.10 views

Remote Code Execution (RCE)

Crafter CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.7 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 6:31 p.m.5 views

GHSA-GJ28-GW7W-3PXC Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/02 6:31 p.m.9 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/02 5:16 p.m.9 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 4:16 p.m.5 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
CVE
CVE
added 2026/02/02 4:16 p.m.14 views

CVE-2026-1770

CVE-2026-1770 affects Crafter CMS, specifically Crafter Studio. The vulnerability arises from Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox, enabling authenticated developers to insert malicious Groovy code to bypass sandbox restrictions and achieve Remote Code Exe...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.14 views

PT-2026-5681

Name of the Vulnerable Software and Affected Versions Crafter CMS versions affected versions not specified Description An issue exists in Crafter Studio of Crafter CMS that allows authenticated developers to execute operating system commands. This is due to a bypass of the Groovy Sandbox...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.6 views

CrafterCMS 安全漏洞

CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. There is a security vulnerability in CrafterCMS, which stems from improper control over dynamically managed code resources. This vulnerability could allow authenticated developers to bypass sandbox restrictions and execute OS commands...

7.3CVSS6AI score0.00425EPSS
Exploits0References1
Rows per page
Query Builder