Lucene search
K

45 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-13151 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42403

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2 days ago55 views

CVE-2026-13151

CVE-2026-13151: GitLab EE contained an improper authorization control allowing an authenticated user to modify group-level settings beyond their permissions in versions 16.10–18.11.7, 19.0–19.0.3, and 19.1–19.1.1. The issue has been remediated; patches were released (18.11.7, 19.0.4, 19.1.2) and ...

4.3CVSS6AI score0.00175EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2 days ago3 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:5 a.m.9 views

BIT-GITLAB-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS5.3AI score0.00255EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-8589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

8.7CVSS5.5AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 12:16 p.m.7 views

UBUNTU-CVE-2026-8589

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS5.3AI score0.00255EPSS
Exploits0References5
CVE
CVE
added 2026/06/11 10:20 a.m.51 views

CVE-2026-8589

GitLab EE is affected by CVE-2026-8589 due to improper sanitization of user-supplied input in certain group setting fields. This could allow an authenticated user to add unauthorized email addresses to another user’s account. Affected versions are 13.1.4 before 18.10.8, 18.11 before 18.11.5, and ...

8.7CVSS5.5AI score0.00255EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 10:20 a.m.11 views

CVE-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

7.3CVSS5.5AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 10:20 a.m.10 views

EUVD-2026-36226

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS5.5AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 10:20 a.m.26 views

CVE-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

7.3CVSS0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.10 views

GitLab Enterprise Edition(EE) 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 13.1.4 to 18.10.8, as well as versions from 18.11 to 18.11.5 and from 19.0 to 19.0.2, contained a cross-site scripting vulnerability. This vulnerability stemmed from...

8.7CVSS5AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48655

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.1.4 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description An issue exists where an authenticated user can add unauthorized email addresses to a targeted user's account...

8.7CVSS5.2AI score0.00255EPSS
Exploits0References9
NVD
NVD
added 2026/05/13 2:17 p.m.10 views

CVE-2026-4607

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS0.00234EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 1:27 p.m.24 views

EUVD-2026-29952

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.8 views

CVE-2026-4607

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/13 1:27 p.m.10 views

CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.47 views

CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS0.00234EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder