PT-2026-40857

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.9 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper validation allows an unauthenticated user to cause a denial of service by uploading a specially craft...

PT-2026-40866

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.9.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization checks could allow an authenticated user to access confidential issue conten...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 17.10 to 18.9.7, 18.1...

PT-2026-40878

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper input sanitization allows an authenticated user with developer-role permissions to execute arbitrary...

PT-2026-40873

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.2 Description Improper sanitization in GitLab CE/EE allows an authenticated user to execute arbitrary code in another user's browser session. This is a Cross-site Scripting XSS issue, which occurs when...

PT-2026-40852

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.11 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where improper input sanitization allows an authenticated user to inject HTML and...

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab prior to 18.9.7, 18.10.6, and 18.11.3 contained a...

GitLab 16.4 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-7481)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in GitLab CVE-2026-7481 Note that Nessus has not tested for this issue but has instead relied only on the application...

GitLab 15.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6883)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-6883 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

GitLab 8.3 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-8280)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2026-8280 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

GitLab 16.0 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-1322)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Business Logic Errors in GitLab CVE-2026-1322 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

GitLab 代码注入漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code injection vulnerabilities in versions of GitLab CE/EE...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.7, 18.10.6, and 18.11.3...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...

PT-2026-40864

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.3 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper access control allows an authenticated user with developer-role permissions to bypass packag...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 9.0 to 18.9.7, a...

GitLab 18.3 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3607)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Access Control Check Implemented After Asset is Accessed in GitLab CVE-2026-3607 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...