ROS-20260605-73-0022
The vulnerability in Portainer-Ce is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
ROS-20260605-73-0020
The vulnerability in Portainer-Ce relates to the disclosure of information through query strings. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
ROS-20260605-73-0023
The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
ROS-20260605-73-0021
The vulnerability in Portainer-Ce is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Linux Distros Unpatched Vulnerability : CVE-2026-1402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...
ROS-20260529-73-0009
The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
EUVD-2026-33007
Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...
CVE-2026-33590 Insecure default permissions in Portainer CE
Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...
CVE-2026-1402
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...
CVE-2026-1402
CVE-2026-1402 affects GitLab CE/EE versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue allowed an authenticated user to trigger a denial of service due to insufficient validation. The vulnerability has been remediated in the provided patch r...
Linux Distros Unpatched Vulnerability : CVE-2025-12669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: trivy, nfpm, cerbos, grype, crossplane-fips, tfsec, k9s, grype-fips, skaffold-fips, osv-scanner, snyk-cli, scorecard, kots, trivy-fips, chainloop-cli-fips, kubevela-fips, kyverno-fips, pulumi-kubernetes-operator, kaniko-fips, grafana-alloy-fips, trufflehog-fips,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: trivy, nfpm, cerbos, grype, crossplane-fips, tfsec, k9s, grype-fips, skaffold-fips, osv-scanner, snyk-cli, scorecard, kots, trivy-fips, chainloop-cli-fips, kubevela-fips, kyverno-fips, pulumi-kubernetes-operator, kaniko-fips, grafana-alloy-fips, trufflehog-fips,...
BIT-GITLAB-2026-3073 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...
CVE-2026-44973 vulnerabilities
Vulnerabilities for packages: chainloop-cli, cerbos, terragrunt-fips, rancher-fleet, seaweedfs-rocksdb-fips, amazon-ssm-agent, gitaly, skaffold-fips, terragrunt, packer-fips, syft, argo-cd, teleport, scorecard, telegraf, argo-cd-fips, rclone, cerbos-fips, chainloop-cli-fips, rancher-fleet-fips,...
GHSA-QW64-3X98-G7Q2 vulnerabilities
Vulnerabilities for packages: chainloop-cli, cerbos, terragrunt-fips, rancher-fleet, seaweedfs-rocksdb-fips, amazon-ssm-agent, gitaly, skaffold-fips, terragrunt, packer-fips, syft, argo-cd, teleport, scorecard, telegraf, argo-cd-fips, rclone, cerbos-fips, chainloop-cli-fips, rancher-fleet-fips,...
CVE-2025-13874
CVE-2025-13874 affects GitLab CE/EE campaigns: all versions from 15.1 prior to 18.9.7, 18.10 prior to 18.10.6, and 18.11 prior to 18.11.3 could allow an authenticated user with Guest permissions to view issues in projects they were not authorized to access. The issue is described as an Authorizat...
GitLab Security Vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (continuous integration and delivery). Vulnerabilities exist in versions of GitLab CE/EE 17.6 to 18.9.7, 18.10...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Cross-Site Scripting Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.3 contained a cross-site...
CVE-2026-43870 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...