Lucene search
+L

973 matches found

RedhatCVE
RedhatCVE
added 2026/07/09 9:35 a.m.6 views

CVE-2026-11827

A flaw was found in GitLab EE. An authenticated user with maintainer-role permissions could, under specific conditions, exploit improper authorization controls. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.6 views

GitLab 9.5 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-11827)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated...

4.9CVSS6.2AI score0.00255EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-11827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...

4.9CVSS6.2AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 9:16 p.m.7 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 8:46 p.m.6 views

EUVD-2026-42404

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 8:46 p.m.36 views

CVE-2026-11827 Insufficiently Protected Credentials in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS0.00255EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 8:46 p.m.91 views

CVE-2026-11827

Summary: GitLab EE fixed an issue where an authenticated user with maintainer permissions could obtain another user’s stored credentials due to improper authorization controls. Affected versions (before patches): GitLab EE 9.5 up to 18.11.7, 19.0 up to 19.0.4, and 19.1 up to 19.1.2. Root cause (a...

4.9CVSS6AI score0.00255EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/08 5:20 p.m.3 views

DRUPAL-CONTRIB-2026-079

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 5:19 p.m.4 views

DRUPAL-CONTRIB-2026-078

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS6.1AI score0.00392EPSS
Exploits0References1
Drupal
Drupal
added 2026/07/08 12:0 a.m.7 views

Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.9AI score0.00414EPSS
Exploits0References2
Drupal
Drupal
added 2026/07/08 12:0 a.m.4 views

Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.1CVSS5.9AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56587

Name of the Vulnerable Software and Affected Versions GitLab EE versions 9.5 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description Improper authorization controls could allow an authenticated user with maintainer-role permissions to obtain the...

4.9CVSS6.1AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56668

Name of the Vulnerable Software and Affected Versions Drupal Commerce guest registration affected versions not specified Description A security issue exists in the guest registration process of Drupal Commerce. Recommendations At the moment, there is no information about a newer version that...

6.1AI score0.00508EPSS
Exploits0References4
Drupal
Drupal
added 2026/07/08 12:0 a.m.6 views

Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.9AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56667

Name of the Vulnerable Software and Affected Versions Drupal Clean RESTful versions . Description A security issue exists in Drupal Clean RESTful. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.1AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

8.8CVSS0.00523EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

5.9AI score0.00523EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.33 views

CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.90 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

8.5CVSS7.1AI score0.00291EPSS
Exploits0References5
Rows per page
Query Builder