
4279 matches found

Packet Storm News
added 2026/12/29 12:0 a.m., 246 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

AI score 6.8
Exploits: 0

NVD
added 5 days ago, 9 views

CVE-2026-2238

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

CVSS 5.3, EPSS 0.00231
Exploits: 0, References: 3

CVE
added 5 days ago, 90 views

CVE-2026-2238

CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...

CVSS 5.3, AI score 5.9, EPSS 0.00231
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 5 days ago, 31 views

CVE-2026-2238 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

CVSS 5.3, EPSS 0.00231
Exploits: 0, References: 3

Tenable Nessus
added 5 days ago, 8 views

GitLab 17.5 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-2238)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...

CVSS 5.3, AI score 5.9, EPSS 0.00231
Exploits: 0, References: 5

Positive Technologies
added 5 days ago, 15 views

PT-2026-52202

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.5 through 18.11.5; GitLab CE/EE versions 19.0 through 19.0.2; GitLab CE/EE versions 19.1 through 19.1.0. Description: Improper authorization checks could allow an unauthenticated user to view confidential issue references ...

CVSS 5.3, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 8

Cvelist
added 6 days ago, 13 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

CVSS 7.1, EPSS 0.00265
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in usbutils

The vulnerability of the readlinkrecursive function in the USBUtils utility is related to buffer overflow on the stack. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.6, AI score 5.9
Exploits: 0, References: 1

Redos
added 2026/06/17 12:0 a.m., 6 views

ROS-20260617-73-0027

The vulnerability of the msl.c component in the console-based image editing tool ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to gain access to confidential data or cause service interruptions...

CVSS 9.8, AI score 5.8, EPSS 0.00272
Exploits: 0

Redos
added 2026/06/17 12:0 a.m., 4 views

ROS-20260617-73-0021

The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

CVSS 8.6, AI score 7.8, EPSS 0.00751
Exploits: 0

Redos
added 2026/06/17 12:0 a.m., 5 views

ROS-20260617-73-0022

The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

CVSS 8.6, AI score 7.8, EPSS 0.00751
Exploits: 0

Veracode
added 2026/06/15 12:0 p.m., 7 views

Improper Access Control

Keycloak is vulnerable to Improper Access Control. The vulnerability is due to insufficient audience restriction enforcement in the OpenID Connect token introspection endpoint, which allows an authenticated confidential client to access sensitive token claims intended for other resource servers...

CVSS 6.5, AI score 5.2, EPSS 0.00366
Exploits: 0, References: 9, Affected Software: 1

NVD
added 2026/06/11 12:16 p.m., 16 views

CVE-2026-3553

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

CVSS 3.1, EPSS 0.00236
Exploits: 0, References: 3

EUVD
added 2026/06/11 10:21 a.m., 8 views

EUVD-2026-36232

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

CVSS 3.1, AI score 5.5, EPSS 0.00236
Exploits: 0, References: 3

Cvelist
added 2026/06/11 10:21 a.m., 28 views

CVE-2026-3553 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

CVSS 3.1, EPSS 0.00236
Exploits: 0, References: 3

Vulnrichment
added 2026/06/11 10:21 a.m., 9 views

CVE-2026-3553 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

CVSS 3.1, AI score 5.5, EPSS 0.00236
Exploits: 0, References: 3

Positive Technologies
added 2026/06/11 12:0 a.m., 15 views

PT-2026-48646

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 18.10.7; GitLab CE/EE versions 18.11 through 18.11.4; GitLab CE/EE versions 19.0 through 19.0.1. Description: An issue exists where incorrect authorization checks could allow an authenticated user to access...

CVSS 3.1, AI score 5.2, EPSS 0.00236
Exploits: 0, References: 6

CNNVD
added 2026/06/11 12:0 a.m., 13 views

GitLab Authorization Issue Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

CVSS 3.1, AI score 5.8, EPSS 0.00236
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/11 12:0 a.m., 9 views

GitLab 12.0 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-3553)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

CVSS 3.1, AI score 5.5, EPSS 0.00236
Exploits: 0, References: 5

RedhatCVE
added 2026/06/05 7:46 p.m., 9 views

CVE-2026-2401

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

CVSS 5, AI score 5.4, EPSS 0.00103
Exploits: 0, References: 1