Lucene search
+L

671 matches found

NCSC
NCSC
added 2025/11/18 7:1 a.m.13 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions for 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...

7.8CVSS7.8AI score0.0041EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain...

5.3CVSS5.5AI score0.00219EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/17 7:3 a.m.5 views

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

5.3CVSS6.9AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/15 9:30 a.m.4 views

EUVD-2025-197695

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

4.3CVSS6.4AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2025/11/15 8:15 a.m.4 views

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

5.3CVSS0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/15 8:3 a.m.1 views

CVE-2025-11865 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

4.3CVSS6.2AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/15 8:3 a.m.8 views

CVE-2025-11865 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

4.3CVSS0.00219EPSS
Exploits0References2
CVE
CVE
added 2025/11/15 8:3 a.m.47 views

CVE-2025-11865

GitLab EE contains an Incorrect Authorization issue (CVE-2025-11865) that could allow an attacker to remove Duo MFA flows belonging to another user. Affected versions are GitLab EE 18.1–18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. The root cause is described as improper authorization check...

5.3CVSS6.5AI score0.00219EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/15 8:3 a.m.3 views

CVE-2025-11865 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

4.3CVSS6.5AI score0.00219EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.5 views

PT-2025-47047

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.1 through 18.3.6 GitLab EE versions 18.4 through 18.4.4 GitLab EE versions 18.5 through 18.5.2 Description A security issue exists in GitLab EE that, under specific conditions, could allow an attacker to remove Duo...

4.3CVSS6.7AI score0.00219EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/15 12:0 a.m.6 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 18.1 through 18.3 prior ...

5.3CVSS6.6AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/12 7:18 p.m.0 views

EUVD-2025-136221

Malicious code in tanabufir-soffai-du npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 7:18 p.m.1 views

EUVD-2025-136187

Malicious code in tanabufir-softfai-du npm...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/20 4:29 p.m.12 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

8.8CVSS7.1AI score0.00567EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.9 views

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4 that stems from a DHCPV6 client not checking the server DUID index in the server reply, which could lead to an...

9.8CVSS6.6AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/18 6:49 a.m.12 views

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

7.5CVSS6.7AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/18 5:45 a.m.7 views

CVE-2025-55094

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxicmpv6validateoptions when handling a packet with ICMP6 options...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/18 5:45 a.m.9 views

CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

6.9CVSS6.9AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/18 5:45 a.m.9 views

CVE-2025-55092

In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4optionprocess when processing an IPv4 packet with the timestamp option...

6.9CVSS6.8AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2025/10/17 3:15 p.m.28 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

8.8CVSS0.00567EPSS
Exploits1References1
Rows per page
Query Builder