CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 days ago•12 views

CVE-2026-5796

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS

NVD•added 5 days ago•9 views

CVE-2026-3176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS

NVD•added 5 days ago•7 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS0.00153EPSS

NVD•added 5 days ago•9 views

CVE-2026-10086

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS0.00231EPSS

NVD•added 5 days ago•6 views

CVE-2026-11379

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS0.00188EPSS

NVD•added 5 days ago•8 views

CVE-2026-12053

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

8.6CVSS0.00328EPSS

8.7CVSS6.2AI score0.00231EPSS

EUVD-2026-39181

Cvelist•added 5 days ago•32 views

CVE-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS0.00231EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-39177

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00231EPSS

Cvelist•added 5 days ago•31 views

CVE-2026-3176 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS

3.1CVSS5.9AI score0.00182EPSS

EUVD-2026-39176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

CVE•added 5 days ago•92 views

CVE-2026-3176

GitLab EE contained a vulnerability CVE-2026-3176 where an authenticated user with limited permissions could access project information due to insufficient authorization checks. Affected releases: GitLab EE 18.6 up to but not including 18.11.6; 19.0 up to but not including 19.0.3; 19.1 up to but ...

3.1CVSS5.9AI score0.00182EPSS

Exploits0References3Affected Software1

Cvelist•added 5 days ago•34 views

CVE-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab

5.4CVSS0.00171EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-39175

5.4CVSS5.9AI score0.00171EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-39172

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS

CVE•added 5 days ago•83 views

CVE-2026-11379

GitLab Security Advisory CVE-2026-11379 affects GitLab EE. The issue is an incorrect authorization flaw in DAST site profile management that could allow a user with the Developer role to exfiltrate DAST site profile secrets under certain conditions. Affected versions include all GitLab EE release...

5.3CVSS5.8AI score0.00188EPSS

Exploits0References2Affected Software1

5.3CVSS5.8AI score0.00188EPSS

EUVD-2026-39170

8.6CVSS5.8AI score0.00328EPSS

EUVD-2026-39169