Lucene search
+L

19223 matches found

nessus
nessus
added 2026/07/09 12:0 a.m.5 views

FreeBSD : Gitlab -- Vulnerabilities (84ce0c0c-7b4e-11f1-9c40-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 84ce0c0c-7b4e-11f1-9c40-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts...

8.7CVSS7AI score0.00282EPSS
Exploits0References10
nessus
nessus
added 2026/07/09 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-13151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...

4.3CVSS6.2AI score0.00161EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.6 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS0.00161EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/08 8:46 p.m.33 views

CVE-2026-13151 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS0.00161EPSS
Exploits0References2
euvd
euvd
added 2026/07/08 8:46 p.m.6 views

EUVD-2026-42403

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score0.00161EPSS
Exploits0References2
cve
cve
added 2026/07/08 8:46 p.m.87 views

CVE-2026-13151

CVE-2026-13151: GitLab EE contained an improper authorization control allowing an authenticated user to modify group-level settings beyond their permissions in versions 16.10–18.11.7, 19.0–19.0.3, and 19.1–19.1.1. The issue has been remediated; patches were released (18.11.7, 19.0.4, 19.1.2) and ...

4.3CVSS6AI score0.00161EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/08 4:27 p.m.4 views

OPENSUSE-SU-2026:21277-1 Security update for go-sendxmpp

This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.16.0: Added: Add Ox support to http-upload. Add Ox support for private group chats. Show error cause if joining MUCs failedi requires go-xmpp = v0.3.5. Changed: Fix --ox-delete-nodes. Fix receiving of 1-...

9.8CVSS6.8AI score0.00478EPSS
Exploits0References4
cve
cve
added 2026/07/08 1:23 p.m.13 views

CVE-2026-54061

Dgraph Alpha before version 25.3.5 exposes the RPCs for external snapshot import on the public gRPC port :9080 without authentication or authorization, allowing an unauthenticated network client to open StreamExtSnapshot and stream Badger data to the target group’s store. The receiver invokes Pre...

9.1CVSS5.9AI score0.00388EPSS
Exploits0References2
osv
osv
added 2026/07/08 1:23 p.m.4 views

CVE-2026-54061 Dgraph Alpha group stores can be replaced via unauthenticated external snapshot import

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References4
krebs
krebs
added 2026/07/08 12:31 p.m.8 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
osv
osv
added 2026/07/08 11:36 a.m.8 views

BIT-PYTHON-MIN-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS5.9AI score0.00235EPSS
Exploits0References9
osv
osv
added 2026/07/08 11:31 a.m.8 views

BIT-LIBPYTHON-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS5.9AI score0.00235EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56588

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.10 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description Improper authorization controls could allow an authenticated user to modify group-level settings beyond their...

4.3CVSS6.1AI score0.00161EPSS
Exploits0References6
freebsd
freebsd
added 2026/07/08 12:0 a.m.4 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...

8.7CVSS5.9AI score0.00282EPSS
Exploits0References1
osv
osv
added 2026/07/07 10:16 a.m.3 views

DEBIAN-CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS6AI score0.00501EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 10:16 a.m.10 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS0.00501EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 9:12 a.m.5 views

EUVD-2026-42023

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score0.00501EPSS
Exploits0References2
cve
cve
added 2026/07/07 9:12 a.m.18 views

CVE-2026-14476

CVE-2026-14476 : A path traversal flaw in SSSD’s AD GPO provider (ad_gpo_extract_smb_components()) does not sanitize .. in gPCFileSysPath, enabling an attacker with AD GPO management access to write files outside the GPO cache directory as root. In default RHEL with SELinux enforcing, this can in...

8CVSS5.9AI score0.00501EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 9:12 a.m.40 views

CVE-2026-14476 Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS0.00501EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/07 9:12 a.m.6 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score0.00501EPSS
Exploits0References3
Rows per page
Query Builder