Lucene search
K

2889 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00254EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 4:34 a.m.37 views

CVE-2026-5796 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-9204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

6.5CVSS5.7AI score0.00247EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 1:25 p.m.13 views

free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence

Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

5.9AI score0.00084EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/11 12:16 p.m.13 views

CVE-2026-10733

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...

4.3CVSS0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 10:21 a.m.34 views

CVE-2026-1500 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

6.5CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 10:21 a.m.34 views

CVE-2026-3553

GitLab CE/EE was vulnerable to an incorrect authorization check that could allow an authenticated user to view confidential issue details. Affected versions were all 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. The issue has been remediated in patch releases: GitLab 18.10.8,...

3.1CVSS5.5AI score0.00236EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-3254

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44598

A flaw was found in Apache Shiro, specifically within the shiro-jakarta-ee integration module. A remote attacker with valid login credentials could exploit this vulnerability by forging the shiroSavedRequest cookie. This unvalidated cookie can be manipulated to send an HTTP GET request from the...

5.4CVSS6AI score0.00383EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-1402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 7:16 p.m.16 views

CVE-2026-1402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...

6.5CVSS0.00471EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:55 p.m.42 views

CVE-2026-1402

GitLab CVE-2026-1402 affects GitLab CE/EE, before versions 18.10.7 (17.1–pre 18.10.7), 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue allowed an authenticated user to trigger a denial of service due to insufficient validation. The vulnerability has been remediated in the provided patch r...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/27 5:16 p.m.17 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

6.5CVSS0.0035EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:45 p.m.13 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 3:45 p.m.9 views

CVE-2026-44323 free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/27 3:45 p.m.12 views

EUVD-2026-32575

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/27 3:45 p.m.45 views

CVE-2026-44323 free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS0.0035EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-44598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/25 11:19 p.m.12 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.8 views

cloud.opencode.base:opencode-base-token (=1.0.0), com.flowlogix.depchain:shiro-jakarta (>=18 <=119) +22 more potentially affected by CVE-2026-44598 via org.apache.shiro:shiro-jakarta-ee (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-jakarta-ee MAVEN version =2.0.0-alpha-1, =18, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.82.10, =0.82.10, =4.7.0, =3.10.0, =3.10.0, =3.10.0, =4.5.0, =4.20.0 and more Source cves: CVE-2026-44598 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17115416...

5.4CVSS5.5AI score0.00383EPSS
Exploits0
Rows per page
Query Builder