21402 matches found
CVE-2026-1660
GitLab CVE-2026-1660 affects GitLab CE/EE versions 12.3–18.9.5, 18.10.0–18.10.3, and 18.11.0–18.11.0 due to improper input validation that could allow an authenticated user to cause a denial of service when importing issues. A patch release has been issued: 18.9.6, 18.10.4, and 18.11.1 (and relat...
CVE-2026-5262
Removed by vendor...
CVE-2026-5262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...
CVE-2026-5262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...
CVE-2026-5262
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...
CVE-2026-5262
Summary (CVE-2026-5262) GitLab CE/EE versions affected: 16.1.0 up to but not including 18.9.6, 18.10 up to but not including 18.10.4, and 18.11 up to but not including 18.11.1. The issue allowed an unauthenticated user to access tokens in the Storybook development environment due to improper inpu...
CVE-2026-5377
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...
CVE-2026-5377 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...
CVE-2026-5377 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...
CVE-2026-5377
Summary: CVE-2026-5377 affects GitLab CE/EE prior to 18.11.1. The vulnerability arises from improper access control in the issue description rendering process, which could allow an authenticated user to view titles of confidential or private issues in public projects. Affected versions: GitLab 18...
CVE-2026-5377
Removed by vendor...
CVE-2026-5816 Improper Resolution of Path Equivalence in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...
CVE-2026-5816
Removed by vendor...
CVE-2026-5816
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...
CVE-2026-5816
CVE-2026-5816 affects GitLab CE/EE prior to 18.10.4 and prior to 18.11.1, with an issue in path validation that could allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser session. GitLab has released patches in versions 18.10.4 and 18.11.1 to remediate this. The vulne...
CVE-2026-5816 Improper Resolution of Path Equivalence in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...
CVE-2026-6515 Insufficient Session Expiration in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
CVE-2026-6515
Removed by vendor...
CVE-2026-6515 Insufficient Session Expiration in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
CVE-2026-6515
GitLab CVE-2026-6515 affects GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The issue could allow a user to reuse invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions (insufficient session expiration). Remed...