21284 matches found
PT-2026-41650
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...
GHSA-QW64-3X98-G7Q2 vulnerabilities
Vulnerabilities for packages: gitaly, kyverno-fips, terragrunt, gitlab-rails-ce-fips, cerbos, rancher-fleet-fips, rclone, syft, syft-fips, chainloop-cli, skaffold-fips, argo-cd-fips, chainloop-cli-fips, scorecard, rancher-fleet, teleport, seaweedfs-rocksdb, packer-fips, nemo, cerbos-fips,...
CVE-2026-44973 vulnerabilities
Vulnerabilities for packages: gitaly, kyverno-fips, terragrunt, gitlab-rails-ce-fips, cerbos, rancher-fleet-fips, rclone, syft, syft-fips, chainloop-cli, skaffold-fips, argo-cd-fips, chainloop-cli-fips, scorecard, rancher-fleet, teleport, seaweedfs-rocksdb, packer-fips, nemo, cerbos-fips,...
BIT-GITLAB-2026-8280 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...
BIT-GITLAB-2026-8144 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...
BIT-GITLAB-2026-7481 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
BIT-GITLAB-2026-7471 Server-Side Request Forgery (SSRF) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation...
CVE-2026-7377
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...
CVE-2026-7481
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
CVE-2026-6335
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...
CVE-2026-6073
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...
CVE-2026-3607
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-3073
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-3160
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-4524
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-6883
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-4527
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-6063
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-6335
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...
CVE-2026-7471
creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...