UbuntuCve
added 2024/06/27 12:15 a.m. · 19 views

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes...

CVSS 8.7 · AI score 6.1 · EPSS 0.04794
Exploits 0 · References 3

UbuntuCve
added 2024/06/27 12:15 a.m. · 19 views

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1 allows an attacker to leak the content of a private repository in a public project...

CVSS 7.5 · AI score 6 · EPSS 0.00067
Exploits 0 · References 2

Debian CVE
added 2024/06/26 11:31 p.m. · 11 views

CVE-2024-3115

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.0018
Exploits 0

CVE
added 2024/06/26 11:31 p.m. · 194 views

CVE-2024-3115

GitLab Enterprise Edition contains CVE-2024-3115: an issue in GitLab EE that allows an attacker to access issues and epics without an SSO session when using Duo Chat. Affected versions: 16.0–16.11.4, 17.0–17.0.2, and 17.1–17.1.0. MITRE or exploit details are not provided in the documents. Remedia...

CVSS 4.3 · AI score 4.5 · EPSS 0.0018
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2024/06/26 11:30 p.m. · 17 views

CVE-2024-6323

Removed by vendor...

CVSS 7.5 · AI score 6 · EPSS 0.00067
Exploits 0

Vulnrichment
added 2024/06/26 11:30 p.m. · 23 views

CVE-2024-6323 Improper Isolation or Compartmentalization in GitLab

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1 allows an attacker to leak the content of a private repository in a public project...

CVSS 7.5 · AI score 6.4 · EPSS 0.00067
Exploits 0 · References 1

OSV
added 2024/05/24 7:18 a.m. · 278 views

BIT-GITLAB-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, and all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...

CVSS 6.5 · AI score 5.7 · EPSS 0.00021
Exploits 0 · References 2

Debian CVE
added 2024/05/09 1:38 a.m. · 32 views

CVE-2024-4539

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00023
Exploits 0

OSV
added 2024/05/09 1:38 a.m. · 21 views

CVE-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, and all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...

CVSS 5.7 · AI score 6.4 · EPSS 0.00021
Exploits 0 · References 4

Debian CVE
added 2024/05/09 1:38 a.m. · 29 views

CVE-2024-4597

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00021
Exploits 0

OSV
added 2024/04/25 1:30 p.m. · 20 views

CVE-2024-4006 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1, where personal access token scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00076
Exploits 1 · References 4

OSV
added 2024/04/12 12:53 a.m. · 30 views

CVE-2023-6678 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a JUnit test report file...

CVSS 4.3 · AI score 6.1 · EPSS 0.00023
Exploits 0 · References 5

CVE
added 2024/04/12 12:53 a.m. · 72 views

CVE-2023-6678

CVE-2023-6678 affects GitLab EE: all versions before 16.8.6, all 16.9.x prior to 16.9.4, and all 16.10.x prior to 16.10.2. An attacker can cause a denial of service by having GitLab process maliciously crafted content in a JUnit test report file. This vulnerability is documented across multiple sources (Git...

CVSS 6.5 · AI score 4.4 · EPSS 0.00023
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2024/04/12 12:53 a.m. · 22 views

CVE-2023-6678

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00023
Exploits 0

Positive Technologies
added 2024/04/07 12:0 a.m. · 3 views

PT-2025-26319 · GitLab · GitLab CE/EE

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.0.6; GitLab EE versions 17.1 through 17.1.4; GitLab EE versions 17.2 through 17.2.2
Description: An issue was discovered in GitLab EE where the webhook deletion audit log preserved auth credentials.
Recommendation...

CVSS 7.5 · AI score 6 · EPSS 0.00023
Exploits 0 · References 12

CVE
added 2024/03/28 7:17 a.m. · 263 views

CVE-2024-2818

CVE-2024-2818 concerns GitLab CE/EE. Affected are all versions before 16.8.5, all 16.9.x before 16.9.3, and all 16.10.x before 16.10.1. An attacker could cause a denial of service by sending a maliciously crafted description parameter for labels. The issue’s remediation is to upgrade to the fixed r...

CVSS 6.5 · AI score 4.2 · EPSS 0.00025
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/03/06 11:23 a.m. · 25 views

BIT-GITLAB-2020-13269

A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1...

CVSS 6.1 · AI score 6 · EPSS 0.00486
Exploits 0 · References 4

OSV
added 2024/03/06 11:21 a.m. · 20 views

BIT-GITLAB-2020-15525

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint...

CVSS 5.3 · AI score 5.1 · EPSS 0.00118
Exploits 0 · References 4

OSV
added 2024/03/06 11:21 a.m. · 22 views

BIT-GITLAB-2020-26406

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted, as well as to guest members on private projects. Affected versions are:...

CVSS 5.3 · AI score 4.7 · EPSS 0.00269
Exploits 0 · References 4

OSV
added 2024/03/06 11:20 a.m. · 20 views

BIT-GITLAB-2020-7972

GitLab EE 12.2 has Insecure Permissions issue 2 of 2...

CVSS 7.5 · AI score 7.4 · EPSS 0.00052
Exploits 0 · References 3