34 matches found

CVE
added 2026/02/11 11:4 a.m. | 46 views

CVE-2026-1094

Summary (CVE-2026-1094): GitLab CE/EE versions 18.8 prior to 18.8.4 were patched to address an issue where an authenticated developer could hide specially crafted file changes from the WebUI. The remediation is included in GitLab 18.8.4 (and later). The CVSSv3.1 base score is 4.6 (MEDIUM) with at...

CVSS 4.6 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/11 11:4 a.m. | 4 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVSS 4.6 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/02/11 11:4 a.m. | 5 views

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVSS 4.6 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 6
Debian CVE
added 2026/02/11 11:4 a.m. | 6 views

CVE-2026-1094

Removed by vendor...

CVSS 4.6 | AI score 5.8 | EPSS 0.00162
Exploits: 0
Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7513

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.8.4. Description: An issue existed in GitLab CE/EE that allowed an authenticated developer to conceal specifically designed file modifications from the WebUI. Recommendations: Update to version 18.8.4 or later...

CVSS 4.6 | AI score 5.3 | EPSS 0.00162
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0909

Malicious code in bioql PyPI...

CVSS 9 | AI score 7 | EPSS 0.0111
Exploits: 1 | References: 2
OSV
added 2025/09/16 9:8 a.m. | 4 views

BIT-GITLAB-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | AI score 6.6 | EPSS 0.00424
Exploits: 0 | References: 4
CVE
added 2025/09/12 6:5 a.m. | 18 views

CVE-2025-7337

GitLab CE/EE is affected in versions 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2. An authenticated user with Developer-level access could upload large files, enabling a persistent denial-of-service for all users on the instance. Root cause: the issue stems from insufficient vali...

CVSS 6.5 | AI score 6.2 | EPSS 0.00424
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/09/12 6:5 a.m. | 3 views

CVE-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | AI score 6.2 | EPSS 0.00424
Exploits: 0 | References: 6
Positive Technologies
added 2025/09/12 12:0 a.m. | 3 views

PT-2025-37294

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.8 through 18.1.5; GitLab CE/EE versions 18.2 through 18.2.5; GitLab CE/EE versions 18.3 through 18.3.1. Description: An authenticated user with Developer-level access could cause a persistent denial of service affecting a...

CVSS 6.5 | AI score 6.2 | EPSS 0.00424
Exploits: 0 | References: 9
Positive Technologies
added 2022/09/13 12:0 a.m. | 5 views

PT-2022-7176

Name of the Vulnerable Software and Affected Versions: Crafter Studio of Crafter CMS (affected versions not specified). Description: The issue is related to an Improper Control of Dynamically-Managed Code Resources vulnerability. This vulnerability allows authenticated developers to execute OS command...

CVSS 8.3 | AI score 7.3 | EPSS 0.01208
Exploits: 0 | References: 9
CNNVD
added 2021/07/22 12:0 a.m. | 4 views

Sage Group Sage X3 Operating System Command Injection Vulnerability

Sage Group Sage X3 is an enterprise resource planning product from Sage Group, Inc., developed for mature organizations. An operating system command injection vulnerability exists in Sage Group Sage X3, where an authenticated user with developer access could pass operating system...

CVSS 9 | AI score 7.7 | EPSS 0.02071
Exploits: 1 | References: 3
OSV
added 2019/03/12 10:29 p.m. | 2 views

CVE-2019-0277

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...

CVSS 6.5 | AI score 5.8 | EPSS 0.02167
Exploits: 0 | References: 3
Cvelist
added 2019/03/12 10:0 p.m. | 22 views

CVE-2019-0277

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...

AI score 6.5 | EPSS 0.02167
Exploits: 0 | References: 3