CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•4 views

CVE-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS6AI score0.00016EPSS

OSSF Malicious Packages•added yesterday•5 views

Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score

OSV•added yesterday•4 views

MAL-2026-5557 Malicious code in janus-ft (npm)

5.6AI score

Positive Technologies•added yesterday•4 views

PT-2026-48650

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...

5.4CVSS5.5AI score0.0001EPSS

Exploits0References4

Positive Technologies•added 2 days ago•5 views

PT-2026-48592

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the file example submodule can be used to expose any file that PHP can access. Therefore, the file example...

5.5AI score

Exploits0References2

RedhatCVE•added last week•6 views

CVE-2026-3073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS5.5AI score0.00011EPSS

RedhatCVE•added last week•6 views

CVE-2026-3607

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

4.3CVSS5.5AI score0.00011EPSS

RedhatCVE•added last week•6 views

CVE-2026-1338

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization...

4.3CVSS5.5AI score0.00011EPSS

OSV•added 2026/06/05 8:42 a.m.•3 views

BIT-APPSMITH-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.3AI score0.0004EPSS

Exploits2References7

HackRead•added 2026/06/04 12:35 p.m.•14 views

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk...

5.8AI score

Exploits0

NVD•added 2026/06/02 4:16 p.m.•7 views

CVE-2026-7299

6.3CVSS0.0004EPSS

Exploits2References6

Tenable Nessus•added 2026/05/30 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-5296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational...

OSV•added 2026/05/28 9:12 a.m.•5 views

Exploits0References2

BIT-GITLAB-2026-5296 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

NVD•added 2026/05/27 7:16 p.m.•9 views

Exploits0References4

CVE-2026-5296

4.3CVSS0.00012EPSS

OSV•added 2026/05/27 7:16 p.m.•6 views

UBUNTU-CVE-2026-5296

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

Exploits0References5

PT-2026-44069

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.7 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An issue exists where authenticated users with developer-role permissions can bypass flow restrictions under...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Exploits0References6

Unzip 安全漏洞

Unzip is a Golang.zip decompression tool developed by Yige’s developers. Versions of Unzip prior to 2.215 contained security vulnerabilities. These vulnerabilities stemmed from failing to catch exceptions when parsing zip headers with incorrect DOS date formats. As a result, an exception was thro...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44067

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.5 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An improper authorization check allows an authenticated user with developer-role permissions to access sensitiv...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References6

CNNVD•added 2026/05/27 12:0 a.m.•4 views

GitLab Enterprise Edition（EE）安全漏洞

GitLab Enterprise Edition EE is a content management system developed by the American company GitLab. There were security vulnerabilities in versions of GitLab Enterprise Edition EE from 18.7 to 18.10.7, from version 18.11 to 18.11.4, and from version 19.0 to 19.0.1. These vulnerabilities stemmed...