Lucene search
K

5836 matches found

SUSE CVE
SUSE CVE
added yesterday3 views

SUSE CVE-2025-6013

Vault and Vault Enterprise's “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

6.5CVSS6.7AI score0.00502EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43300

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2026-14165

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-14165

Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-14165 Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-57230 OpenReplay: Authenticated ClickHouse SQL injection via session search

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS0.00207EPSS
Exploits0References4
OSV
OSV
added 6 days ago3 views

CVE-2026-57230 OpenReplay: Authenticated ClickHouse SQL injection via session search

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS6.1AI score0.00207EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-11827

A flaw was found in GitLab EE. An authenticated user with maintainer-role permissions could, under specific conditions, exploit improper authorization controls. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.6 views

GitLab 13.11 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-6896)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticat...

8.7CVSS6.4AI score0.00282EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 9:16 p.m.7 views

CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS0.00282EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 9:16 p.m.8 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 9:16 p.m.6 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 9:16 p.m.7 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

UBUNTU-CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

4.3CVSS6.1AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.4 views

UBUNTU-CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6.1AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS7.2AI score0.00282EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

UBUNTU-CVE-2026-13320

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS7.2AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS6.1AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6.1AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

UBUNTU-CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References2
Rows per page
Query Builder