Lucene search
+L

278 matches found

nvd
nvd
added yesterday6 views

CVE-2026-58660

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS
Exploits0References4
attackerkb
attackerkb
added yesterday3 views

CVE-2026-58660

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS6.1AI score
Exploits0References5
nessus
nessus
added 2026/07/09 12:0 a.m.5 views

GitLab 18.9 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-8472)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticate...

4.3CVSS6.2AI score0.00243EPSS
Exploits0References5
nessus
nessus
added 2026/07/09 12:0 a.m.6 views

GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References5
cve
cve
added 2026/07/08 8:46 p.m.68 views

CVE-2026-7492

GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...

5.3CVSS6AI score0.00254EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/08 8:46 p.m.33 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00254EPSS
Exploits0References3
euvd
euvd
added 2026/07/08 8:46 p.m.6 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References3
cve
cve
added 2026/07/08 8:46 p.m.83 views

CVE-2026-8472

CVE-2026-8472 affects GitLab Enterprise Edition and reports a privilege/authorization issue where an authenticated user with minimal access could read work item metadata from private projects. The root cause is missing authorization checks, enabling unintended metadata access. Affected versions i...

4.3CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/08 8:46 p.m.34 views

CVE-2026-8472 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56616

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.1 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description Improper authorization controls on cross-project reference pages could allow an unauthenticated user to...

5.3CVSS6.1AI score0.00254EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.8 views

PT-2026-52908

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue exists where the endpoint GET /api/v3/meetings/:meeting id/agenda items/:agenda item id discloses private work package data. This occurs when a linked work package belongs to a project...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1322

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

8.1CVSS5.5AI score0.00311EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2619

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...

4.3CVSS5.5AI score0.00333EPSS
Exploits0References1
nessus
nessus
added 2026/05/29 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-6713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References2
osv
osv
added 2026/05/28 9:12 a.m.13 views

BIT-GITLAB-2026-6713 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References4
ncsc
ncsc
added 2026/05/28 6:49 a.m.24 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

8.2CVSS5.7AI score0.00471EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 7:16 p.m.16 views

CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS0.00322EPSS
Exploits0References3
osv
osv
added 2026/05/27 7:16 p.m.12 views

UBUNTU-CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References5
Rows per page
Query Builder