Lucene search
K

192 matches found

CVE
CVE
added 2026/05/14 5:36 a.m.31 views

CVE-2026-3073

Summary: GitLab fixed an authorization issue in GitLab CE/EE. Before the patch, versions 17.6 up to (but not including) 18.9.7, 18.10 up to (but not including) 18.10.6, and 18.11 up to (but not including) 18.11.3 allowed an authenticated user with developer-role permissions to bypass PyPI package...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 5:36 a.m.12 views

CVE-2026-3073 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:35 a.m.10 views

CVE-2026-3607

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/14 5:35 a.m.11 views

EUVD-2026-30227

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/14 5:35 a.m.9 views

CVE-2026-3607

Removed by vendor...

4.3CVSS5.8AI score0.00228EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/14 5:34 a.m.8 views

CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 5:34 a.m.35 views

CVE-2026-6063

GitLab EE vulnerability CVE-2026-6063 affects multiple release lines where an authenticated user with developer permissions could remove code owner approval rules from merge requests due to improper access control. Affected versions include all 11.10.x prior to 18.9.7, 18.10.x prior to 18.10.6, a...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 5:33 a.m.7 views

CVE-2026-7481 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-40864

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.3 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper access control allows an authenticated user with developer-role permissions to bypass packag...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40861

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.6 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization checks allow an authenticated user with developer-role permissions to bypass...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab prior to 18.9.7, 18.10.6, and 18.11.3 contained a...

8.7CVSS6AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/16 12:54 a.m.6 views

EUVD-2026-23112

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 9:32 p.m.5 views

CVE-2026-1711 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 9:31 p.m.21 views

CVE-2026-1564 Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role...

5.1CVSS0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 9:31 p.m.3 views

CVE-2026-1564 Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/08 11:16 p.m.3 views

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS5.8AI score0.00311EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 11:16 p.m.4 views

UBUNTU-CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS5.8AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 10:25 p.m.19 views

CVE-2026-1752 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS0.00311EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 9:8 a.m.4 views

BIT-GITLAB-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

4.3CVSS6AI score0.00229EPSS
Exploits0References4
OSV
OSV
added 2026/03/02 9:5 a.m.6 views

BIT-GITLAB-2025-14103 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...

4.3CVSS6AI score0.0019EPSS
Exploits0References4
Rows per page
Query Builder