209 matches found

Nuclei
added yesterday | 42 views

Fastify Swagger-UI - Information Disclosure

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

CVSS: 5.3 | AI score: 6 | EPSS: 0.14363
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/12 12:0 a.m. | 3 views

GitLab 15.11 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12029)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an...

CVSS: 8 | AI score: 5.6 | EPSS: 0.00106
Exploits: 0 | References: 5

OSV
added 2025/12/18 12:4 p.m. | 3 views

BIT-GITLAB-2025-12029 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...

CVSS: 8 | AI score: 6.9 | EPSS: 0.00106
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/12 8:6 a.m. | 1 views

CVE-2025-12029

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...

CVSS: 8 | AI score: 6.9 | EPSS: 0.00106
Exploits: 0 | References: 1

NCSC
added 2025/12/11 9:22 a.m. | 5 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.00106
Exploits: 0 | References: 1

NVD
added 2025/12/11 8:15 a.m. | 3 views

CVE-2025-12029

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...

CVSS: 8 | EPSS: 0.00106
Exploits: 0 | References: 3

CVE
added 2025/12/11 7:32 a.m. | 18 views

CVE-2025-12029

CVE-2025-12029 affects GitLab CE/EE across multiple branches: versions before 18.4.6 (15.11–18.4.5), 18.5 before 18.5.4, and 18.6 before 18.6.2. The issue allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swa...

CVSS: 8 | AI score: 6.6 | EPSS: 0.00106
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/11 7:32 a.m. | 23 views

CVE-2025-12029 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...

CVSS: 8 | EPSS: 0.00106
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/11 12:0 a.m. | 1 views

PT-2025-50584

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.11 through 18.4.6 GitLab CE/EE versions 18.5 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 Description GitLab CE/EE is affected by an issue that, under certain circumstances, could allow an unauthenticated...

CVSS: 8 | AI score: 6.6 | EPSS: 0.00106
Exploits: 0 | References: 8

FreeBSD
added 2025/12/10 12:0 a.m. | 5 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in vulnerability reports impacts GitLab CE/EE Cross-site scripting issue in Swagger UI impacts GitLab CE/EE Denial of service issue in GraphQL endpoints impacts GitLab CE/EE Authentication bypass issue for...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.00106
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/11/20 9:58 a.m. | 11 views

Security Bulletin: Due to the use of Swagger UI, IBM Security SOAR is vulnerable to spoofing attacks.

Summary IBM Security SOAR uses Swagger-UI internally. CVE-2025-25031 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.8042
Exploits: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-26266

Malware in sbrugna...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.0018
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-1192

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00279
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2019-0696

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.11565
Exploits: 1 | References: 20

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4114

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.04978
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-22027

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 4.9 | EPSS: 0.00159
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-51724

Malicious code in bioql PyPI...

CVSS: 6.4 | AI score: 9.1 | EPSS: 0.00114
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1341

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00286
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-52327

Malicious code in bioql PyPI...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00392
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-22797

Malicious code in bioql PyPI...

CVSS: 5.4 | AI score: 4.6 | EPSS: 0.00678
Exploits: 3 | References: 5