CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

CVE•added 2026/05/14 5:36 a.m.•23 views

CVE-2026-3074

GitLab CVE-2026-3074 affects GitLab CE/EE: versions 16.7–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. An unauthenticated user could download private debugging symbols from inaccessible projects due to improper access control. Root cause: improper access control. Vectors/exploita...

4.3CVSS5.8AI score0.00021EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/03/25 12:0 a.m.•4 views

GitLab 访问控制错误漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities existed in versions prior to GitLab EE 18.8.7, 18.9.3,...

7.5CVSS5.9AI score0.00028EPSS

Exploits0References4

Tenable Nessus•added 2025/11/18 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-7736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowe...

4.3CVSS5.6AI score0.00013EPSS

Exploits0References2

OSV•added 2025/10/27 8:15 p.m.•2 views

GHSA-P3V4-C93G-CMHW BBOT's gitlab.py exposes globally configured "gitlab" API key

Summary bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious...

4.7CVSS6.6AI score0.00029EPSS

Exploits0References4

CVE•added 2025/10/09 3:46 p.m.•7 views

CVE-2025-10282

BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...

4.7CVSS6.3AI score0.00029EPSS

Exploits0References1

Positive Technologies•added 2025/10/09 12:0 a.m.•3 views

PT-2025-41395

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitlab module in BBOT may allow an attacker to disclose a GitLab API key to a server under their control by using a maliciously formatted git URL. This could potentially lead to unauthorized...

4.7CVSS6.2AI score0.00029EPSS

Exploits0References7