957 matches found

Vulnrichment
added 2025/02/12 3:30 p.m. · 12 views

CVE-2025-0516 Incorrect Authorization in GitLab

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data...

CVSS 4.3 · AI score 4.4 · EPSS 0.00276
Exploits 1 · References 2
Debian CVE
added 2025/02/12 3:30 p.m. · 5 views

CVE-2025-0516

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00276
Exploits 1
Vulnrichment
added 2025/02/12 3:2 p.m. · 12 views

CVE-2025-0376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page...

CVSS 8.7 · AI score 8.1 · EPSS 0.00377
Exploits 0 · References 2
CVE
added 2025/02/12 3:2 p.m. · 322 views

CVE-2025-0376

CVE-2025-0376 is a cross-site scripting (XSS) vulnerability in GitLab CE/EE. Affected versions are GitLab 13.3 up to 17.6.5, 17.7 up to 17.7.4, and 17.8 up to 17.8.2, where an attacker can modify a page to execute unauthorized actions. Public sources consistently describe the issue as an XSS on a...

CVSS 8.7 · AI score 8.1 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-6519 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 through 17.6.4; GitLab CE/EE versions 17.7 through 17.7.3; GitLab CE/EE versions 17.8 through 17.8.1. Description: A denial of service vulnerability exists in GitLab CE/EE. An attacker can impact the availability of...

CVSS 8.5 · AI score 6.7 · EPSS 0.00473
Exploits 1 · References 14
RedhatCVE
added 2025/02/09 2:16 p.m. · 7 views

CVE-2024-10383

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...

CVSS 8.7 · AI score 5.7 · EPSS 0.00263
Exploits 0 · References 1
Cvelist
added 2025/02/07 2:12 p.m. · 16 views

CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...

CVSS 8.7 · EPSS 0.00263
Exploits 0 · References 2
RedhatCVE
added 2025/02/07 12:3 p.m. · 6 views

CVE-2024-9631

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow...

CVSS 7.5 · AI score 6.4 · EPSS 0.00679
Exploits 1 · References 1
OSV
added 2025/02/07 7:10 a.m. · 11 views

BIT-GITLAB-2024-9631 Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow...

CVSS 7.5 · AI score 7.2 · EPSS 0.00679
Exploits 1 · References 3
NVD
added 2025/02/07 4:15 a.m. · 31 views

CVE-2025-1072

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

CVSS 6.5 · EPSS 0.00496
Exploits 0 · References 3
Debian CVE
added 2025/02/07 4:5 a.m. · 8 views

CVE-2025-1072

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00496
Exploits 0
OSV
added 2025/02/07 4:5 a.m. · 4 views

CVE-2025-1072 Allocation of Resources Without Limits or Throttling in GitLab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

CVSS 6.5 · AI score 6.3 · EPSS 0.00496
Exploits 0 · References 6
RedhatCVE
added 2025/02/06 4:13 a.m. · 5 views

CVE-2021-22241

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...

CVSS 8.7 · AI score 6 · EPSS 0.00991
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 3:53 a.m. · 5 views

CVE-2021-39946

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...

CVSS 8.7 · AI score 5.6 · EPSS 0.01042
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 3:52 a.m. · 7 views

CVE-2021-39906

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

CVSS 8.7 · AI score 7.1 · EPSS 0.60729
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 12:55 a.m. · 4 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

CVSS 7.3 · AI score 6.4 · EPSS 0.00895
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 12:46 a.m. · 9 views

CVE-2022-3283

A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. While cloning an issue with specially crafted content added to the description could have been used ...

CVSS 7.5 · AI score 6.4 · EPSS 0.01349
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 10:49 p.m. · 15 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS 9.8 · AI score 6.6 · EPSS 0.76177
Exploits 3 · References 1
RedhatCVE
added 2025/02/05 1:42 p.m. · 7 views

CVE-2020-13273

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1...

CVSS 7.8 · AI score 6.4 · EPSS 0.01187
Exploits 0
Debian CVE
added 2025/02/05 10:30 a.m. · 6 views

CVE-2024-9631

Removed by vendor...

CVSS 7.5 · AI score 6 · EPSS 0.00679
Exploits 1