CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

CVE-2025-12155

A Command Injection vulnerability, resulting from improper file path sanitization Directory Traversal in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. Th...

CVE-2025-12155 Command Injection in Looker

A Command Injection vulnerability, resulting from improper file path sanitization Directory Traversal in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. Th...