Lucene search
K

75 matches found

Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28063

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An issue exists in GitLab CE/EE that could allow an unauthenticated user to execute arbitrary GraphQL...

8.1CVSS6.1AI score0.00169EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.10 views

GitLab 17.10 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-3857)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute...

8.8CVSS6AI score0.00169EPSS
Exploits0References5
CVE
CVE
added 2026/03/17 3:26 p.m.14 views

CVE-2026-21886

OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.12 views

OpenCTI 安全漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.1 contained security vulnerabilities. These vulnerabilities were due to a flaw in GraphQL mutations that lacked validation, which could lead to the deletion of irrelevant and...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/12 5:50 p.m.6 views

EUVD-2026-11601

@tinacms/graphql has a Path Traversal issue...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 5:16 p.m.8 views

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS0.00426EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 4:31 p.m.31 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS0.00426EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 4:31 p.m.10 views

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/12 4:31 p.m.5 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-14592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.8 views

GitLab 18.6 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-14592)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an...

5.3CVSS6AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/11 11:34 a.m.28 views

CVE-2025-14592 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

3.7CVSS0.00254EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 11:34 a.m.289 views

CVE-2025-14592

CVE-2025-14592 affects GitLab CE/EE versions prior to 18.6.6, 18.7 prior to 18.7.4, and 18.8 prior to 18.8.4. The issue enables an authenticated user to perform unauthorized operations by submitting GraphQL mutations via the GLQL API endpoint due to a missing authorization check. Impact is limite...

5.3CVSS5.5AI score0.00254EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 11:34 a.m.4 views

CVE-2025-14592

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

3.7CVSS5.5AI score0.00254EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/11 11:34 a.m.7 views

CVE-2025-14592 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

3.7CVSS5.5AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7521

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.6 through 18.6.5 GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 Description An authenticated user could potentially perform unauthorized operations by submitting GraphQL mutations...

5.3CVSS5.3AI score0.00254EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.5 views

CVE-2025-14592

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-13781

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

6.5CVSS6.7AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 9:7 a.m.7 views

BIT-GITLAB-2025-13781 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

6.5CVSS6.7AI score0.00406EPSS
Exploits0References4
NVD
NVD
added 2026/01/09 10:15 a.m.9 views

CVE-2025-13781

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

6.5CVSS0.00406EPSS
Exploits0References3
Rows per page
Query Builder