CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...

7.5CVSS0.00162EPSS

Exploits0References2

Vulnrichment•added 2025/09/26 9:11 a.m.•1 views

CVE-2025-5069 Incorrect Ownership Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's...

3.5CVSS6.6AI score0.00009EPSS

Exploits0References2

Vulnrichment•added 2025/09/26 9:4 a.m.•2 views

CVE-2025-10858 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service DoS condition while uploading specifically crafted large JSON files...

7.5CVSS6.5AI score0.00096EPSS

Exploits0References1

CVE•added 2025/09/26 9:4 a.m.•15 views

CVE-2025-10871

CVE-2025-10871 affects GitLab Enterprise Edition (EE) versions: 16.6 and later, up to but not including 18.2.7; 18.3 before 18.3.3; and 18.4 before 18.4.1. The issue allows a project maintainer to assign custom roles to users who have permissions above their own, effectively granting themselves e...

7.2CVSS6.6AI score0.0002EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2025/09/26 12:0 a.m.•4 views

GitLab 17.4 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-10868)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Business Logic Errors in GitLab CVE-2025-10868 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

5.3CVSS5.5AI score0.00015EPSS

Exploits0References3

Tenable Nessus•added 2025/09/26 12:0 a.m.•4 views

GitLab 14.10 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-9958)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive...

7.7CVSS5.5AI score0.00008EPSS

Exploits0References4

Positive Technologies•added 2025/09/25 12:0 a.m.•1 views

PT-2025-39629

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 14.10 through 18.2.6 GitLab CE/EE versions 18.3 through 18.3.2 GitLab CE/EE versions 18.4 through 18.4.0 Description An issue exists that could allow Guest users to access sensitive information stored in virtual registry...

6.8CVSS6.2AI score0.00008EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by