CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 3:11 p.m.•2 views

CVE-2026-32594

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection...

7.3CVSS5.8AI score0.00342EPSS

RedhatCVE•added 2026/03/26 3:8 p.m.•4 views

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 3:3 p.m.•4 views

CVE-2026-30966

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any...

10CVSS5.8AI score0.00384EPSS

RedhatCVE•added 2026/03/26 3:1 p.m.•3 views

CVE-2026-1069

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

7.5CVSS5.8AI score0.00398EPSS

RedhatCVE•added 2026/03/26 2:59 p.m.•2 views

CVE-2026-31800

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

9.1CVSS5.8AI score0.00335EPSS

NCSC•added 2026/03/26 9:48 a.m.•6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...

8.8CVSS5.8AI score0.00478EPSS

EUVD•added 2026/03/25 6:31 p.m.•3 views

EUVD-2026-15935

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

EUVD•added 2026/03/25 6:31 p.m.•5 views

Exploits0References4

EUVD-2026-15937

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

7.5CVSS5.8AI score0.00478EPSS

Exploits0References4

CVE•added 2026/03/25 4:33 p.m.•30 views

CVE-2026-3857

GitLab CSRF protection weakness allowed an unauthenticated user to trigger arbitrary GraphQL mutations on behalf of authenticated users in GitLab CE/EE versions 17.10–before 18.8.7, 18.9–before 18.9.3, and 18.10–before 18.10.1. Patches fixed these issues in the 18.10.1 release (and related adviso...

8.8CVSS6.1AI score0.00169EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/25 4:33 p.m.•21 views

CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab

8.1CVSS0.00169EPSS

Vulnrichment•added 2026/03/25 4:33 p.m.•3 views

CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab

ATTACKERKB•added 2026/03/25 4:33 p.m.•2 views

CVE-2026-3857

Exploits0References4Affected Software1

CVE•added 2026/03/25 4:33 p.m.•12 views

CVE-2026-3988

GitLab CVE-2026-3988 affects GitLab CE/EE prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. The issue stems from improper input validation in GraphQL request processing, allowing an unauthenticated attacker to cause a denial of service by making the GitLab instance unresponsive. ...

7.5CVSS5.8AI score0.00478EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/03/25 4:33 p.m.•4 views

CVE-2026-3988

7.5CVSS5.8AI score0.00478EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/25 4:33 p.m.•19 views

CVE-2026-3988 Inefficient Algorithmic Complexity in GitLab

7.5CVSS0.00478EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-28063

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An issue exists in GitLab CE/EE that could allow an unauthenticated user to execute arbitrary GraphQL...

CNNVD•added 2026/03/25 12:0 a.m.•5 views

Exploits0References9

GitLab 跨站请求伪造漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab CE/EE from 17.10 to 18.8.7, as well as those from 18...

8.8CVSS6.1AI score0.00169EPSS