Lucene search
K

1981 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

6.8CVSS6.6AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.7 views

CVE-2021-22234

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server...

9.6CVSS6.4AI score0.00997EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.15 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

10CVSS6.1AI score0.13227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.25 views

CVE-2025-1110

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query...

4.3CVSS6.4AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:36 a.m.10 views

CVE-2019-7549

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job informatio...

4.3CVSS6.4AI score0.00958EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.11 views

CVE-2019-7176

An issue was discovered in GitLab Community and Enterprise Edition 8.x starting in 8.9, 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility...

4.3CVSS6.5AI score0.00923EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.9 views

CVE-2019-12444

An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability...

6.1CVSS5.8AI score0.00691EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.5 views

CVE-2019-12428

An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization...

9.8CVSS6.8AI score0.01352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.6 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5CVSS6.5AI score0.01155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.5 views

CVE-2019-12430

An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection...

8.8CVSS6.9AI score0.02644EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.6 views

CVE-2019-12443

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery SSRF vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks...

9.8CVSS6.8AI score0.0121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.7 views

CVE-2019-12434

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure...

4.3CVSS6.5AI score0.00751EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.10 views

CVE-2025-1072

A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

6.5CVSS6.3AI score0.00496EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.2 views

CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service...

7.5CVSS6.2AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.5 views

CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...

7.5CVSS6.2AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.8 views

CVE-2025-1754

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...

5.3CVSS6.2AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.5 views

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

7.5CVSS6.9AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.20 views

CVE-2025-1908

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

7.7CVSS6.5AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.7 views

CVE-2025-1763

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

8.7CVSS6.7AI score0.00522EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:8 a.m.9 views

CVE-2024-2279

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowin...

8.7CVSS6.4AI score0.0058EPSS
Exploits1References1
Rows per page
Query Builder