Lucene search

2855 matches found

EUVD
added 2026/05/14 5:34 a.m. | 9 views

EUVD-2026-30233

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/14 5:34 a.m. | 8 views

CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 3

CVE
added 2026/05/14 5:34 a.m. | 31 views

CVE-2026-6063

GitLab EE vulnerability CVE-2026-6063 affects multiple release lines where an authenticated user with developer permissions could remove code owner approval rules from merge requests due to improper access control. Affected versions include all 11.10.x prior to 18.9.7, 18.10.x prior to 18.10.6, a...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/05/14 5:33 a.m. | 5 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

CVSS 2.6 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/14 5:33 a.m. | 9 views

CVE-2026-6883 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

CVSS 2.6 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2

EUVD
added 2026/05/14 5:33 a.m. | 7 views

EUVD-2026-30237

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

CVSS 2.6 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2

Cvelist
added 2026/05/14 5:33 a.m. | 34 views

CVE-2026-6883 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

CVSS 2.6 | EPSS 0.00146
Exploits: 0 | References: 2

CVE
added 2026/05/14 5:33 a.m. | 32 views

CVE-2026-6883

GitLab CVE-2026-6883 affects GitLab Enterprise Edition (EE) across multiple tracked versions prior to patch levels: 15.7–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. The root cause is improper cleanup of orphaned policy records, allowing an authenticated user to bypass merge req...

CVSS 4.3 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 19 views

PT-2026-41191

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.5. Description: An authenticated attacker can perform a mass assignment attack via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extr...

CVSS 5.4 | AI score 5.9 | EPSS 0.00307
Exploits: 1 | References: 6

CNNVD
added 2026/05/14 12:0 a.m. | 7 views

GitLab Security Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...

CVSS 4.3 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 12 views

PT-2026-40871

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.10 through 18.9.6; GitLab EE versions 18.10 through 18.10.5; GitLab EE versions 18.11 through 18.11.2. Description: Improper access control allows an authenticated user with developer-role permissions to remove code owner...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 6

CNNVD
added 2026/05/14 12:0 a.m. | 9 views

GitLab Security Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-40875

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.7 through 18.9.6; GitLab EE versions 18.10 through 18.10.5; GitLab EE versions 18.11 through 18.11.2. Description: An issue exists where an authenticated user can bypass merge request approval requirements. This occurs due to...

CVSS 4.3 | AI score 5.7 | EPSS 0.00146
Exploits: 0 | References: 5

Redos
added 2026/05/14 12:0 a.m. | 11 views

ROS-20260514-73-0002

A vulnerability in the php_array_merge_wrapper function of the PHP programming language involves buffer copying without input validation. Exploitation of the vulnerability could allow a remote attacker to compromise data integrity and cause a denial of service...

CVSS 8.2 | AI score 6 | EPSS 0.00428
Exploits: 1

RedhatCVE
added 2026/05/13 5:32 p.m. | 9 views

CVE-2026-43896

A flaw was found in jq, a command line JSON processor. The jv_object_merge_recursive function, reachable via the operator when both operands are objects, does not have a depth limit when processing nested objects. This missing depth limit allows an attacker who can supply a sufficiently nested input...

CVSS 6.2 | AI score 5.8 | EPSS 0.00154
Exploits: 1 | References: 4

Microsoft CVE
added 2026/05/13 8:1 a.m. | 9 views

jq: Stack Overflow in Recursive Object Merge

...

CVSS 6.2 | AI score 5.8 | EPSS 0.00154
Exploits: 1

SUSE CVE
added 2026/05/13 3:33 a.m. | 11 views

SUSE CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

CVSS 5.5 | AI score 5.8 | EPSS 0.00154
Exploits: 1 | References: 3

Snyk
added 2026/05/12 3:1 p.m. | 13 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution in the process of copying enumerable properties from a user-supplied object to a generated message instance without filtering the __proto__ property. An attacker can alter the prototype of individual message instances by...

CVSS 7.5 | AI score 6.4 | EPSS 0.00264
Exploits: 0 | References: 2

Snyk
added 2026/05/12 3:1 p.m. | 8 views

Prototype Pollution

Overview: protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution in the code generation. An attacker who has achieved prototype pollution by a different exploit can execute arbitrary JavaScript code by polluting...

CVSS 8.1 | AI score 6.5 | EPSS 0.00499
Exploits: 0 | References: 3

NVD
added 2026/05/11 6:16 p.m. | 23 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

CVSS 6.2 | EPSS 0.00154
Exploits: 1 | References: 1