19 matches found
EUVD-2025-18490
Malicious code in bioql PyPI...
EUVD-2025-15231
Malicious code in bioql PyPI...
EUVD-2024-46495
Malicious code in bioql PyPI...
CVE-2025-5846
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
CVE-2025-5846 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.11.5, prior to 18.0.3, and prior to 18.1.1, which stems from a bypass of privilege checking and could lead to...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-5121
CVE-2025-5121 affects GitLab CE/EE versions 17.11 prior to 17.11.4 and 18.0 prior to 18.0.2. The issue is a missing authorization check that could allow applying compliance frameworks to projects outside the intended group. Public documents confirm the vulnerability description across multiple fe...
CVE-2025-5121 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-5121 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-5121
Removed by vendor...
GitLab Enterprise Edition and GitLab Community Edition Security Vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...
CVE-2024-5257
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace...
CVE-2024-5257 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace...
PT-2024-5346
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description The issue is related to insufficient access control in the admin compliance framework function of the Group Namespace URL Handler component in...
Vulnerability Scanning: How Often Should I Scan?
The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term "continuous vulnerability scanning" is becomin...
Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix
In a recent blog post, we highlighted the release of an InsightCloudSec compliance pack, that helps organizations establish and adhere to AWS Foundational Security Best Practices. While that’s a great pack for those who have standardized on AWS and are looking for a trusted set of controls to...
Wiz and RegScale: Cloud security compliance management at scale
Learn how to achieve compliance security at scale with Wiz and RegScale, supporting a variety of compliance framework controls...
FedRAMP and Its Applicability to ISVs Hosted on FedRAMP-Authorized IaaS
Independent Software Vendors ISVs often ask Coalfire about the FedRAMP compliance framework and how it applies to them. They hear that all software procured by the U.S. federal government must be FedRAMP authorized, and they come to the experts to help them navigate the process. The good news is...