CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/24 9:8 a.m.•1 views

BIT-GITLAB-2025-3922 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient...

6.5CVSS5.4AI score0.00047EPSS

OSV•added 2026/04/24 9:5 a.m.•2 views

BIT-GITLAB-2025-0186 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests...

6.5CVSS5.4AI score0.00046EPSS

RedhatCVE•added 2026/04/24 7:22 a.m.•4 views

CVE-2026-4922

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.1CVSS5.5AI score0.0001EPSS

Exploits0References1

RedhatCVE•added 2026/04/23 11:20 p.m.•1 views

CVE-2026-40161

A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token such as a GitHub...

7.7CVSS5.7AI score0.00037EPSS

Exploits0References6

Wolfi•added 2026/04/23 7:48 p.m.•8 views

GHSA-J88V-2CHJ-QFWX vulnerabilities

Vulnerabilities for packages: steampipe, openfga, kine, temporal, spire-server, falcosidekick, openbao, kuma, sftpgo, gitlab-kas, grafana, cloudnative-pg, pgtimetable, kubeflow-pipelines, caddy, certificate-transparency, cloudprober, teleport, sftpgo-plugin-eventsearch, bento, rke2-cloud-provider...

5.4AI score

Exploits0

8.1CVSS5.9AI score0.0001EPSS

EUVD-2026-25040

EUVD•added 2026/04/22 6:31 p.m.•5 views

EUVD-2026-25046

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

8CVSS6.1AI score0.00028EPSS

EUVD•added 2026/04/22 6:31 p.m.•0 views

EUVD-2026-24961

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.8AI score0.00013EPSS

4.3CVSS5.8AI score0.00017EPSS

EUVD-2026-25044

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

5.4CVSS5.8AI score0.00015EPSS

EUVD-2026-25048

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

6.5CVSS5.8AI score0.00032EPSS

EUVD-2025-209555

6.5CVSS5.8AI score0.00046EPSS

EUVD-2025-209549

6.5CVSS5.8AI score0.00078EPSS

EUVD-2026-24959

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

2.7CVSS5.8AI score0.00017EPSS

EUVD-2025-209556

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

6.5CVSS5.8AI score0.00047EPSS

EUVD-2025-209551

NVD•added 2026/04/22 5:16 p.m.•3 views

CVE-2026-4922

8.1CVSS0.0001EPSS

NVD•added 2026/04/22 5:16 p.m.•3 views

CVE-2026-5816

8.1CVSS0.00028EPSS

NVD•added 2026/04/22 5:16 p.m.•1 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS0.00073EPSS

NVD•added 2026/04/22 5:16 p.m.•1 views

CVE-2026-5377

4.3CVSS0.00017EPSS