Lucene search
+L

21723 matches found

Nuclei
Nuclei
added 2 days ago68 views

Gitlab CE/EE 10.5 - Server-Side Request Forgery

GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar...

9.8CVSS7.9AI score0.53372EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago255 views

GitLab CE/EE - Remote Code Execution

GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modi...

9.9CVSS8.5AI score0.76884EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago163 views

GitLab CE/EE - Remote Code Execution

GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for...

10CVSS7.2AI score0.99731EPSS
Exploits30
Nuclei
Nuclei
added 3 days ago107 views

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML, allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

9.8CVSS7.1AI score0.76177EPSS
Exploits3
Nuclei
Nuclei
added 3 days ago142 views

GitLab GraphQL API User Enumeration

An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. id: CVE-2021-4191 info: name: GitLab GraphQL API User Enumeration author: zsusac severity: medium description: An unauthenticated remote attacker can leverage thi...

5.3CVSS6.8AI score0.80004EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago122 views

GitLab 16.0.0 - Path Traversal

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups id: CVE-2023-2825 info: name:...

10CVSS7AI score0.71641EPSS
Exploits5References5
Chainguard
Chainguard
added 4 days ago5 views

GHSA-PGGX-2V9R-J6GM vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

6.1AI score
Exploits0
Chainguard
Chainguard
added 4 days ago6 views

GHSA-M49F-RVV4-R4RV vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

6.1AI score
Exploits0
Chainguard
Chainguard
added 4 days ago6 views

CVE-2026-13320 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

7.3CVSS7AI score0.00243EPSS
Exploits0
Chainguard
Chainguard
added 4 days ago6 views

CVE-2025-12506 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

4.3CVSS6.1AI score0.00187EPSS
Exploits0
Chainguard
Chainguard
added 4 days ago7 views

CVE-2026-7492 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

5.3CVSS6.1AI score0.00254EPSS
Exploits0
Chainguard
Chainguard
added 4 days ago6 views

GHSA-H5PW-H3J7-CJ7F vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

6.1AI score
Exploits0
NVD
NVD
added 6 days ago10 views

CVE-2026-61462

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS0.0038EPSS
Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-61462

CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-61462

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References5
OSV
OSV
added 6 days ago6 views

CVE-2026-61462 mcp-gitlab Path Traversal via job_id Parameter

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57839

Name of the Vulnerable Software and Affected Versions mcp-gitlab versions prior to 2.1.18 Description A path traversal issue exists in the job id parameter within the build/index.js file. This allows attackers to escape the intended path prefix by providing crafted values, such as ../../../user, ...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/07/09 9:39 a.m.5 views

CVE-2026-6352

A flaw was found in GitLab Enterprise Edition EE. An authenticated user with auditor-level access could modify compliance violation records. This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls...

2.7CVSS5.9AI score0.00264EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/09 9:35 a.m.6 views

CVE-2026-11827

A flaw was found in GitLab EE. An authenticated user with maintainer-role permissions could, under specific conditions, exploit improper authorization controls. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/09 9:34 a.m.6 views

CVE-2026-13320

A flaw was found in GitLab. Under certain conditions, an authenticated user could exploit improper sanitization of user-supplied input. This vulnerability allows for the execution of arbitrary scripts within another user's browser session, commonly known as Cross-Site Scripting XSS. This could le...

7.3CVSS6.1AI score0.00243EPSS
Exploits0References6
Rows per page
Query Builder