CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3121 matches found

OSV•added 2025/06/26 5:31 a.m.•9 views

CVE-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

2.7CVSS6.3AI score0.00211EPSS

Exploits0References4

CNNVD•added 2025/06/26 12:0 a.m.•2 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 10.7 through 17.11.5...

6.5CVSS6.1AI score0.00304EPSS

Exploits0References3

BDU FSTEC•added 2025/06/26 12:0 a.m.•3 views

The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows a hacker to perform a CSRF attack.

The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to the manipulation of inter-site requests. Exploiting this vulnerability allows an attacker operating remotely to perform a CSRF attack...

9.4CVSS5.8AI score0.00352EPSS

Exploits1References3Affected Software1

Tenable Nessus•added 2025/06/26 12:0 a.m.•7 views

GitLab 10.7 < 17.11.5 / 18.0 < 18.0.3 / 18.1 < 18.1.1 (CVE-2025-3279)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS...

6.5CVSS5.6AI score0.00304EPSS

Exploits0References4

Positive Technologies•added 2025/06/25 12:0 a.m.•3 views

PT-2025-26939 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.10 through 17.11.4 GitLab EE versions 18.0 through 18.0.2 GitLab EE versions 18.1 through 18.1.0 Description: An issue has been discovered that could have allowed authenticated users to assign unrelated compliance...

4.3CVSS6AI score0.00211EPSS

Exploits0References13

Positive Technologies•added 2025/06/25 12:0 a.m.•3 views

PT-2025-26937 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...

6.8CVSS5.9AI score0.00304EPSS

Exploits0References14

OSV•added 2025/06/24 3:13 p.m.•6 views

BIT-GITLAB-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...

8.1CVSS7.1AI score0.00352EPSS

Exploits1References3

RedhatCVE•added 2025/06/23 8:38 a.m.•5 views

CVE-2024-4994

8.1CVSS7.2AI score0.00352EPSS

Exploits1References1

NVD•added 2025/06/20 7:15 p.m.•17 views

CVE-2024-4994

8.1CVSS0.00352EPSS

Exploits1References2

OSV•added 2025/06/20 7:15 p.m.•2 views

UBUNTU-CVE-2024-4994

8.1CVSS6AI score0.00352EPSS

Exploits1References4

Vulnrichment•added 2025/06/20 6:14 p.m.•6 views

CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab

8.1CVSS7.2AI score0.00352EPSS

Exploits1References2

OSV•added 2025/06/20 6:14 p.m.•4 views

CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab

8.1CVSS7AI score0.00352EPSS

Exploits1References5

Debian CVE•added 2025/06/20 6:14 p.m.•4 views

CVE-2024-4994

Removed by vendor...

8.1CVSS6AI score0.00352EPSS

Exploits1

Cvelist•added 2025/06/20 6:14 p.m.•15 views

CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab

8.1CVSS0.00352EPSS

Exploits1References2

Veracode•added 2025/06/20 3:48 a.m.•7 views

Denial Of Service (DoS)

Liferay Portal is vulnerable to Denial Of Service DoS. The vulnerability is due to missing or insufficient validation of GraphQL query depth and complexity, allows attackers to craft overly complex queries that overwhelm the server...

8.7CVSS6.2AI score0.0042EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2025/06/18 2:16 p.m.•12 views

CVE-2025-3602

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on t...

8.7CVSS6.6AI score0.0042EPSS

Exploits0References1

Snyk•added 2025/06/16 3:32 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of restrictions on the depth of GraphQL queries. An attacker can exhaust system...

8.7CVSS6.9AI score0.0042EPSS

Exploits0References2

OSV•added 2025/06/16 3:32 p.m.•7 views

GHSA-8C26-XM99-53W7 Liferay Portal does not limit the depth of a GraphQL queries

8.7CVSS7.2AI score0.0042EPSS

Exploits0References4