Lucene search
K

305 matches found

CVE
CVE
added 2026/05/14 5:34 a.m.37 views

CVE-2026-6063

GitLab EE vulnerability CVE-2026-6063 affects multiple release lines where an authenticated user with developer permissions could remove code owner approval rules from merge requests due to improper access control. Affected versions include all 11.10.x prior to 18.9.7, 18.10.x prior to 18.10.6, a...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/14 5:34 a.m.10 views

EUVD-2026-30233

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 5:34 a.m.52 views

CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40871

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.10 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper access control allows an authenticated user with developer-role permissions to remove code owner...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.10 views

FreeBSD : Gitlab -- vulnerabilities (b933083e-2b2e-11f1-b60a-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b933083e-2b2e-11f1-b60a-2cf05da270f3 advisory. Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts...

8.8CVSS6.7AI score0.00478EPSS
Exploits0References14
OSV
OSV
added 2026/03/27 12:15 p.m.5 views

BIT-GITLAB-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.6 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15803

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 5:16 p.m.5 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 4:34 p.m.21 views

CVE-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:34 p.m.66 views

CVE-2026-2726

GitLab CVE-2026-2726: An issue in GitLab CE/EE allowed an authenticated user to performUnauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Affected versions were: 11.10 to before 18.8.7, 18.9 before 18.9.3, and 18.10 before 1...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 4:34 p.m.4 views

CVE-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:34 p.m.4 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 4:34 p.m.3 views

CVE-2026-2726

Removed by vendor...

4.3CVSS5.8AI score0.00194EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27987

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An authenticated user could perform unauthorized actions on merge requests in other projects. This was...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References7
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.12 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE HTML Injection in vulnerability report impacts GitLab EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Improper...

8.8CVSS5.9AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 9:35 a.m.4 views

BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11176

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.7AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 4:16 p.m.4 views

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS0.00243EPSS
Exploits0References3
Rows per page
Query Builder