CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/27 12:15 p.m.•2 views

BIT-GITLAB-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

8.1CVSS5.9AI score0.00097EPSS

OSV•added 2026/03/27 12:14 p.m.•2 views

BIT-GITLAB-2026-1724 Missing Authentication for Critical Function in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control...

7.5CVSS5.9AI score0.00028EPSS

OSV•added 2026/03/27 12:11 p.m.•3 views

BIT-GITLAB-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

4.3CVSS5.9AI score0.00019EPSS

OSV•added 2026/03/27 12:11 p.m.•2 views

BIT-GITLAB-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5CVSS5.9AI score0.00056EPSS

OSV•added 2026/03/27 12:11 p.m.•4 views

BIT-GITLAB-2025-13078 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

6.5CVSS5.9AI score0.00029EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•4 views

CVE-2026-4363

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisio...

3.7CVSS5.8AI score0.00019EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•2 views

CVE-2025-14595

4.3CVSS5.8AI score0.00019EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•3 views

CVE-2025-13078

6.5CVSS5.8AI score0.00029EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•2 views

CVE-2025-13436

6.5CVSS5.8AI score0.00056EPSS

RedhatCVE•added 2026/03/26 5:0 p.m.•2 views

CVE-2026-2973

5.4CVSS6.1AI score0.00042EPSS

RedhatCVE•added 2026/03/26 5:0 p.m.•2 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3CVSS5.8AI score0.00019EPSS

7.5CVSS5.8AI score0.00028EPSS

CVE-2026-1724

8.1CVSS5.8AI score0.00097EPSS

CVE-2026-2745

7.5CVSS5.8AI score0.00242EPSS

CVE-2026-3988

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

RedhatCVE•added 2026/03/26 5:0 p.m.•2 views

CVE-2026-2995

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

7.7CVSS5.8AI score0.00085EPSS

8.1CVSS6.1AI score0.00014EPSS

CVE-2026-3857

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

RedhatCVE•added 2026/03/26 3:19 p.m.•2 views

CVE-2025-12704

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...

4.3CVSS5.8AI score0.00018EPSS

RedhatCVE•added 2026/03/26 3:19 p.m.•3 views

CVE-2025-12697

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

4.4CVSS5.8AI score0.00015EPSS

RedhatCVE•added 2026/03/26 3:14 p.m.•3 views

CVE-2025-12555

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

4.3CVSS5.8AI score0.00019EPSS