Lucene search
K

5791 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS0.00348EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS0.00255EPSS
Exploits0References3
CVE
CVE
added 2 days ago34 views

CVE-2026-6352

GitLab EE contains an authorization flaw in GraphQL operations that could allow an authenticated user with auditor-level access to modify compliance violation records. Affected versions include all 18.2-era releases before 18.11.7, all 19.0-era releases before 19.0.4, and all 19.1-era releases be...

2.7CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42407

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS6.2AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42405

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42404

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6AI score0.00255EPSS
Exploits0References3
CVE
CVE
added 2 days ago34 views

CVE-2026-11827

Summary: GitLab EE fixed an issue where an authenticated user with maintainer permissions could obtain another user’s stored credentials due to improper authorization controls. Affected versions (before patches): GitLab EE 9.5 up to 18.11.7, 19.0 up to 19.0.4, and 19.1 up to 19.1.2. Root cause (a...

4.9CVSS6AI score0.00255EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42345

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56615

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.11 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user with...

8.7CVSS6AI score0.00348EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 6:0 a.m.5 views

BIT-GITLAB-2026-0934 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 a.m.13 views

CVE-2026-5796

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS0.00171EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-3176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.9 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-10086

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.10 views

CVE-2026-12053

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

8.6CVSS0.00328EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.7 views

CVE-2026-11379

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS0.00188EPSS
Exploits0References2
Rows per page
Query Builder