Lucene search

39 matches found

UbuntuCve
added 2025/08/13 6:15 p.m. | 2 views

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

CVSS 8.7 | AI score 6 | EPSS 0.00289
Exploits: 0 | References: 3

UbuntuCve
added 2025/08/13 6:15 p.m. | 0 views

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting...

CVSS 6.7 | AI score 5.8 | EPSS 0.00374
Exploits: 0 | References: 3

UbuntuCve
added 2025/08/13 6:15 p.m. | 2 views

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

CVSS 6.5 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 2

UbuntuCve
added 2025/08/13 6:15 p.m. | 3 views

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resourc...

CVSS 6.5 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 1

UbuntuCve
added 2025/08/13 6:15 p.m. | 2 views

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

CVSS 7.5 | AI score 5.8 | EPSS 0.00423
Exploits: 0 | References: 1

UbuntuCve
added 2025/07/24 7:15 a.m. | 2 views

CVE-2025-7001

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable...

CVSS 4.3 | AI score 5.8 | EPSS 0.00383
Exploits: 0 | References: 1

UbuntuCve
added 2025/07/24 7:15 a.m. | 5 views

CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

CVSS 5.3 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 5:39 a.m. | 4 views

CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 | AI score 4.7 | EPSS 0.00757
Exploits: 0 | References: 1

UbuntuCve
added 2025/05/22 3:16 p.m. | 6 views

CVE-2025-0993

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources...

CVSS 7.5 | AI score 7.2 | EPSS 0.00484
Exploits: 0 | References: 1

UbuntuCve
added 2025/03/27 1:15 p.m. | 9 views

CVE-2024-9773

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...

CVSS 8 | AI score 6 | EPSS 0.00238
Exploits: 1 | References: 3

Chainguard
added 2025/02/25 1:11 p.m. | 6 views

GHSA-J94V-JXMV-27R2 vulnerabilities

Vulnerabilities for packages: gitlab-runner-fips, gitlab-cng-fips...

AI score 5.8
Exploits: 0

UbuntuCve
added 2025/02/12 3:15 p.m. | 7 views

CVE-2025-1042

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way...

CVSS 7.5 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/05 1:37 p.m. | 6 views

CVE-2020-26405

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are =12.8, =13.4, =13.5, 13.5.2...

CVSS 7.1 | AI score 6.5 | EPSS 0.01434
Exploits: 0 | References: 5

Chainguard
added 2024/12/12 12:15 p.m. | 11 views

CVE-2024-8179 vulnerabilities

Vulnerabilities for packages: gitlab-cng-fips...

CVSS 5.4 | AI score 7.3 | EPSS 0.00317
Exploits: 0

UbuntuCve
added 2024/12/12 12:00 a.m. | 14 views

CVE-2024-12570

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim...

CVSS 6.7 | AI score 5.8 | EPSS 0.00425
Exploits: 1 | References: 3

UbuntuCve
added 2024/11/26 7:15 p.m. | 8 views

CVE-2024-11669

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes...

CVSS 7.5 | AI score 5.9 | EPSS 0.00504
Exploits: 0 | References: 2

UbuntuCve
added 2024/11/14 2:15 p.m. | 11 views

CVE-2024-9633

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00437
Exploits: 0 | References: 1

UbuntuCve
added 2021/06/08 7:15 p.m. | 11 views

CVE-2021-22221

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited...

CVSS 6.5 | AI score 6.5 | EPSS 0.00767
Exploits: 0 | References: 1

OpenVAS
added 2018/03/17 12:00 a.m. | 54 views

Debian: Security Advisory (DSA-4145-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 7.5 | EPSS 0.05705
Exploits: 1 | References: 4