CVE-2026-3607 Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

EUVD-2026-30229

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper...

CVE-2026-4524

Removed by vendor...

CVE-2026-4527

Removed by vendor...

CVE-2026-6335

Removed by vendor...

CVE-2026-8280

CVE-2026-8280 affects GitLab CE/EE with all versions 8.3–18.11 before patched; the issue allows an authenticated user to cause a denial of service via excessive memory consumption caused by improper input validation. Affected versions require remediation: GitLab 18.9.7 (for 18.9.x branch), 18.10....

CVE-2026-8280

Removed by vendor...

EUVD-2026-30243

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...

CVE-2026-8144

Removed by vendor...

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

EUVD-2026-30276

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

PT-2026-40931

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

PT-2026-40855

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.5 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an unauthenticated user can cause a denial of service by sending specially...

PT-2026-40854

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.5 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an unauthenticated user can cause a denial of service by sending specially...

Northern.tech CFEngine 安全漏洞

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework developed by Northern.tech. There are security vulnerabilities in versions of Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0. These vulnerabilities stem from...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

PT-2026-40879

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with project membership can enumerate private group...