Lucene search
K

736 matches found

Nuclei
Nuclei
added yesterday18 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.7AI score0.53372EPSS
Exploits1References2
OSV
OSV
added 2 days ago3 views

MAL-2026-6698 Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in rebrandly-domains-digger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8AI score
Exploits0References2
NCSC
NCSC
added last week9 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added last week31 views

CVE-2026-0934 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS0.00201EPSS
Exploits0References3
EUVD
EUVD
added last week4 views

EUVD-2026-39179

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References3
CVE
CVE
added last week82 views

CVE-2026-8330

GitLab CE/EE versions affected: all 9.3–<18.11.6, 19.0–<19.0.3, and 19.1–

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week27 views

CVE-2026-8330 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS0.0013EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

GitLab 17.9 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-0934)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52207

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...

4.4CVSS5.7AI score0.0013EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 2:17 p.m.16 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:37 p.m.67 views

CVE-2026-12537

Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

10CVSS6.3AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 2:16 a.m.10 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 12:53 a.m.35 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:53 a.m.9 views

EUVD-2026-38411

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51406

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events SSE to stream output and registers an abort listener that invokes the...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereferencing in v3djobupdatestats The following kernel error was recently reported by Mesa CI: 800.139824 Unable to handle NULL pointer dereferencing at virtual address 0000000000000588 800.148619...

5.5CVSS6AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Added outer runtimePM protection to xelivektest@xedmabuf. Any process using the kunit interface that performs memory accesses should receive its own outer references from the runtimePM system, since it does not use the...

5.5CVSS6.1AI score0.00196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in ORC

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file using the affected ORC compiler, arbitrary code may be executed on the developer’s build environment. This may result in compromise ...

7CVSS7.4AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:54 p.m.16 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
Rows per page
Query Builder