CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3112 matches found

Tenable Nessus•added 2026/04/13 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-12664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have...

7.5CVSS5.9AI score0.00057EPSS

Exploits0References2

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32412

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries...

6.5CVSS5.8AI score0.00025EPSS

Exploits0References5

Tenable Nessus•added 2026/04/13 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed...

6.5CVSS5.9AI score0.00025EPSS

Exploits0References2

Tenable Nessus•added 2026/04/10 12:0 a.m.•7 views

FreeBSD : Gitlab -- vulnerabilities (099d4998-33cc-11f1-a7d1-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 099d4998-33cc-11f1-a7d1-2cf05da270f3 advisory. Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of...

8.5CVSS7.3AI score0.00057EPSS

Exploits0References14

RedhatCVE•added 2026/04/09 7:23 p.m.•3 views

CVE-2026-35523

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.9AI score0.00106EPSS

Exploits0References1

EUVD•added 2026/04/09 12:32 a.m.•5 views

EUVD-2025-209367

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

4.3CVSS5.9AI score0.00017EPSS

Exploits0References4

EUVD•added 2026/04/09 12:32 a.m.•5 views

EUVD-2025-209365

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

7.5CVSS5.9AI score0.00057EPSS

Exploits0References4

EUVD•added 2026/04/09 12:32 a.m.•2 views

EUVD-2026-20791

6.5CVSS5.9AI score0.00025EPSS

Exploits0References4

Positive Technologies•added 2026/04/09 12:0 a.m.•4 views

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00027EPSS

Exploits0References4