Lucene search
K

967 matches found

The Hacker News
The Hacker News
added 2026/02/26 10:35 a.m.9 views

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that...

6.3AI score
Exploits0
EUVD
EUVD
added 2026/02/25 9:31 p.m.6 views

EUVD-2026-8742

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.4AI score0.00255EPSS
Exploits0References3
NVD
NVD
added 2026/02/25 9:16 p.m.6 views

CVE-2026-2845

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS0.00255EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/25 9:16 p.m.4 views

CVE-2026-2845

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/02/25 9:16 p.m.4 views

UBUNTU-CVE-2026-2845

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/25 8:4 p.m.22 views

CVE-2026-2845 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 8:4 p.m.4 views

CVE-2026-2845 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 8:4 p.m.5 views

CVE-2026-2845

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.3AI score0.00255EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/25 8:4 p.m.27 views

CVE-2026-2845

Summary of CVE-2026-2845 : GitLab CE/EE versions affected are 11.2–before 18.7.5, 18.8–before 18.8.5, and 18.9–before 18.9.1. The issue allows an authenticated user to cause a denial of service by exploiting the Bitbucket Server import endpoint through repeatedly sending large responses. The vuln...

6.5CVSS5.4AI score0.00255EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/02/25 8:4 p.m.4 views

CVE-2026-2845

Removed by vendor...

6.5CVSS5.8AI score0.00255EPSS
Exploits0
OSV
OSV
added 2026/02/25 8:4 p.m.3 views

CVE-2026-2845 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-22006

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description An authenticated user could cause a denial of service by exploiting a Bitbucket Server import endpoint...

6.5CVSS5.2AI score0.00255EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2026/02/25 12:0 a.m.12 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of Service issue in container registry impacts GitLab CE/EE Denial of Service issue in Jira events endpoint impacts GitLab CE/EE Regular Expression Denial of Service issue in GitLab merge requests impacts...

8CVSS5.4AI score0.00357EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.7.5, 18.8.5...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/02/11 4:28 p.m.15 views

DoS (Denial of Service) semver Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-25883 was introduced in versions 9.4.16 and 10.1.1 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS5.7AI score0.02761EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4358

This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...

7.9CVSS7.3AI score0.00297EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/01/20 6:41 p.m.13 views

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code VS Code projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-50931

An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...

8.3CVSS7.1AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.4 views

CVE-2025-61916

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS6.8AI score0.00155EPSS
Exploits0References1
Atlassian
Atlassian
added 2025/12/19 4:27 p.m.16 views

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5, allows an attacker to perform actions to degrade service, which has no impact to...

7.5CVSS8.1AI score0.03389EPSS
Exploits0
Rows per page
Query Builder