CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/vf: Do not expose sysfs attributes that are not applicable to VFs. VFs cannot read the BMGPCIECAP0x138340 register, nor can they access the PCODE which is already guarded by the info.skippcode flag. Therefore, we should...

5.8AI score0.00027EPSS

Exploits0References2

OSV•added 2026/05/18 6:10 a.m.•5 views

BIT-GITLAB-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

NVD•added 2026/05/14 6:16 a.m.•3 views

Exploits0References4

CVE-2026-3074

4.3CVSS0.00021EPSS

UbuntuCve•added 2026/05/14 6:16 a.m.•3 views

CVE-2026-3074

EUVD•added 2026/05/14 5:36 a.m.•6 views

Exploits0References4

EUVD-2026-30225

Cvelist•added 2026/05/14 5:36 a.m.•29 views

CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

4.3CVSS0.00021EPSS

Vulnrichment•added 2026/05/14 5:36 a.m.•2 views

CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab

CVE•added 2026/05/14 5:36 a.m.•18 views

CVE-2026-3074

GitLab CVE-2026-3074 affects GitLab CE/EE: versions 16.7–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. An unauthenticated user could download private debugging symbols from inaccessible projects due to improper access control. Root cause: improper access control. Vectors/exploita...

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-40862

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper access control allows an unauthenticated user to download private debugging symbols from...

CNNVD•added 2026/05/14 12:0 a.m.•5 views

Exploits0References5

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...

4.3CVSS5.9AI score0.00021EPSS

PyPA•added 2026/05/11 4:17 p.m.•13 views

PYSEC-2026-148

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS5.8AI score0.00031EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/11 2:41 p.m.•27 views

CVE-2026-44200 Wagtail: Improper permission handling when copying pages

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it...

6.5CVSS0.00027EPSS

Cvelist•added 2026/05/11 2:40 p.m.•28 views

CVE-2026-44199 Wagtail: Improper permission handling when deleting form submissions

6.5CVSS0.00031EPSS

SUSE CVE•added 2026/05/08 2:19 a.m.•4 views

SUSE CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00009EPSS