Lucene search
K

94 matches found

Debian CVE
Debian CVE
added 2026/02/11 11:4 a.m.7 views

CVE-2026-1387

Removed by vendor...

6.5CVSS5.8AI score0.00289EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.4 views

CVE-2025-8099

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

7.5CVSS5.9AI score0.004EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.7 views

CVE-2026-1387

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl...

6.5CVSS5.9AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7523

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 10.8 through 18.6.6 GitLab CE/EE versions 18.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 Description GitLab CE/EE is susceptible to a denial-of-service condition. An unauthenticated user could potentially...

7.5CVSS5.4AI score0.004EPSS
Exploits0References12
NVD
NVD
added 2026/01/29 8:16 p.m.8 views

CVE-2025-15550

birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...

5.3CVSS0.0014EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/21 5:27 p.m.5 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

9.8CVSS6.9AI score0.0102EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-12562

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allow...

7.5CVSS7.5AI score0.0076EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.10 views

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...

7.5CVSS6.5AI score0.01479EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 12:3 p.m.5 views

BIT-GITLAB-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS6.2AI score0.00205EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/12 4:13 a.m.5 views

CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS6.7AI score0.0076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 4:13 a.m.3 views

CVE-2025-11247

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS6.3AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:15 a.m.4 views

CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS0.0076EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/11 4:4 a.m.2 views

CVE-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS5.9AI score0.00205EPSS
Exploits0References3
CVE
CVE
added 2025/12/11 4:4 a.m.18 views

CVE-2025-11247

GitLab Enterprise Edition (EE) versions affected: 13.2–18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2. An authenticated user could disclose sensitive information from private projects by executing specially crafted GraphQL queries. Remediation: patch upgrades to the fixed releases (e.g., 18.4...

4.3CVSS5.9AI score0.00205EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/11 4:4 a.m.4 views

CVE-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS6AI score0.00205EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/11 3:33 a.m.5 views

EUVD-2025-202658

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS6.2AI score0.0076EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 3:33 a.m.3 views

CVE-2025-12562 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS6.3AI score0.0076EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/11 3:33 a.m.28 views

CVE-2025-12562 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS0.0076EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.7 views

PT-2025-50572

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.10 through 18.4.5 GitLab CE/EE versions 18.5 through 18.5.3 GitLab CE/EE versions 18.6 through 18.6.1 Description An unauthenticated user could create a denial of service condition by sending crafted GraphQL queries th...

7.8CVSS7.6AI score0.0076EPSS
Exploits0References10
Veracode
Veracode
added 2025/11/12 5:18 a.m.4 views

Cross-site Request Forgery (CSRF)

Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...

8.2CVSS6.9AI score0.00149EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder