Lucene search
K

28 matches found

UbuntuCve
UbuntuCve
added 2026/01/14 7:16 p.m.3 views

CVE-2025-11224

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...

7.7CVSS6.1AI score0.00313EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/11/15 8:15 a.m.3 views

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/11/15 8:15 a.m.3 views

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/11/15 8:15 a.m.4 views

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

5.3CVSS5.8AI score0.00196EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/11/15 8:15 a.m.4 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

3.5CVSS5.9AI score0.00233EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/27 12:15 a.m.3 views

CVE-2025-11971

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/13 6:15 p.m.3 views

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...

8.7CVSS5.9AI score0.00293EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/13 6:15 p.m.2 views

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

8.7CVSS6AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/13 6:15 p.m.0 views

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting...

6.7CVSS5.8AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/13 6:15 p.m.2 views

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/06/12 10:16 a.m.4 views

CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/05/23 1:15 p.m.6 views

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

7.5CVSS5.9AI score0.00356EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/05/09 5:15 p.m.9 views

CVE-2025-1278

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/03/27 1:15 p.m.10 views

CVE-2025-2242

An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/03/13 12:0 a.m.11 views

CVE-2025-0652

An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only...

6.5CVSS5.8AI score0.0039EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/01/31 12:0 a.m.7 views

CVE-2023-6195

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image...

4.3CVSS5.8AI score0.00307EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/10/24 10:15 a.m.18 views

CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

8.7CVSS5.8AI score0.00472EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/09/12 7:15 p.m.13 views

CVE-2024-6678

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...

9.9CVSS7.4AI score0.01989EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/11/06 11:15 a.m.7 views

CVE-2023-5825

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to...

6.5CVSS6.5AI score0.00643EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/09/29 8:15 a.m.11 views

CVE-2023-3922

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...

7.1CVSS6.9AI score0.00387EPSS
Exploits0References1
Rows per page
Query Builder