CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/24 9:10 a.m.•2 views

BIT-GITLAB-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

3.5CVSS5.4AI score0.00013EPSS

Exploits0References3

Tenable Nessus•added 2026/04/23 12:0 a.m.•1 views

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

8.1CVSS5.4AI score0.00078EPSS

Exploits0References13

EUVD•added 2026/04/22 6:31 p.m.•0 views

EUVD-2026-24961

NVD•added 2026/04/22 5:16 p.m.•1 views

Exploits0References3

CVE-2026-3254

3.5CVSS0.00013EPSS

Cvelist•added 2026/04/22 4:29 p.m.•22 views

CVE-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

3.5CVSS0.00013EPSS

Vulnrichment•added 2026/04/22 4:29 p.m.•2 views

CVE-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

CVE•added 2026/04/22 4:29 p.m.•133 views

CVE-2026-3254

GitLab CVE-2026-3254 affects GitLab CE/EE versions 18.11 and earlier, remediated in 18.11.1. Root cause: improper input validation in the Mermaid sandbox that could allow an authenticated user to load unauthorized content into another user’s browser. Impact limited to potential exposure of unauth...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/22 4:29 p.m.•1 views

CVE-2026-3254

Exploits0References3Affected Software1

FreeBSD•added 2026/04/22 12:0 a.m.•7 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...

5.7AI score

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

GitLab 18.11 < 18.11.1 (CVE-2026-3254)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into...

3.5CVSS5.5AI score0.00013EPSS

Exploits0References4

CNNVD•added 2026/04/22 12:0 a.m.•5 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.1 contained a security...

Positive Technologies•added 2026/04/22 12:0 a.m.•3 views

PT-2026-34522

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.0 Description Improper input validation in the Mermaid sandbox could allow an authenticated user to load unauthorized content into another user's browser. Recommendations Update to version 18.11.1...

3.5CVSS5.1AI score0.00013EPSS

Exploits0References5

Tenable Nessus•added 2026/03/03 12:0 a.m.•5 views

GitLab 16.2 < 18.7.5 / 18.8 < 18.8.5 / 18.9 < 18.9.1 (CVE-2026-0752)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an...

8CVSS6.1AI score0.00096EPSS

Exploits0References5

OSV•added 2026/03/02 9:8 a.m.•5 views

BIT-GITLAB-2026-0752 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI...

8CVSS6.1AI score0.00096EPSS

Exploits0References4

Tenable Nessus•added 2026/03/02 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain...

8CVSS6.1AI score0.00096EPSS

Tenable Nessus•added 2026/03/01 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated...

7.5CVSS6AI score0.00052EPSS

NCSC•added 2026/02/27 7:15 a.m.•5 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 9.0 to but not including 18.7.5, 18.8 to but not including 18.8.5, and 18.9 to but not including 18.9.1. The vulnerabilities included several Denial of Service DoS and security vulnerabilities that could be exploited by both authenticated and...

8CVSS5.8AI score0.00096EPSS

RedhatCVE•added 2026/02/26 10:34 p.m.•3 views

CVE-2026-0752

8CVSS5.6AI score0.00096EPSS