Lucene search
K

72727 matches found

NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 5:16 p.m.5 views

CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS0.00402EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:29 p.m.3 views

CVE-2026-3254

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/22 4:29 p.m.140 views

CVE-2026-3254

GitLab CVE-2026-3254 affects GitLab CE/EE versions 18.11 and earlier, remediated in 18.11.1. Root cause: improper input validation in the Mermaid sandbox that could allow an authenticated user to load unauthorized content into another user’s browser. Impact limited to potential exposure of unauth...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.7 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:7 p.m.11 views

CVE-2026-35347

CVE-2026-35347 affects the uutils coreutils comm utility. The are_files_identical routine opens and reads both input paths to compare content without verifying that inputs are regular files. As a result, feeding non-regular inputs (e.g., FIFOs or pipes) drains the streams before the comparison, c...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:4 p.m.7 views

CVE-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 4:4 p.m.27 views

CVE-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS0.00402EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 4:4 p.m.19 views

CVE-2026-1660

GitLab CVE-2026-1660 affects GitLab CE/EE versions 12.3–18.9.5, 18.10.0–18.10.3, and 18.11.0–18.11.0 due to improper input validation that could allow an authenticated user to cause a denial of service when importing issues. A patch release has been issued: 18.9.6, 18.10.4, and 18.11.1 (and relat...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:4 p.m.8 views

CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/22 4:4 p.m.12 views

CVE-2026-5262

Summary (CVE-2026-5262) GitLab CE/EE versions affected: 16.1.0 up to but not including 18.9.6, 18.10 up to but not including 18.10.4, and 18.11 up to but not including 18.11.1. The issue allowed an unauthenticated user to access tokens in the Storybook development environment due to improper inpu...

8CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:4 p.m.3 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS5.8AI score0.00223EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:4 p.m.6 views

CVE-2026-5262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS5.8AI score0.00223EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 4:4 p.m.27 views

CVE-2026-5262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS0.00223EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/22 11:49 a.m.6 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

5.4CVSS6AI score0.00354EPSS
Exploits2References5
CVE
CVE
added 2026/04/22 9:39 a.m.29 views

CVE-2026-33260

CVE-2026-33260 describes an input-validation flaw in the internal web server that can cause unlimited memory allocation when processing a web request, resulting in denial of service. The issue is documented across multiple feeds (NVD, ENISA EUVD, Debian OSV, CIRCL, etc.), all noting that the inte...

7.5CVSS5.8AI score0.00524EPSS
Exploits0References3Affected Software3
Vulnrichment
Vulnrichment
added 2026/04/22 9:39 a.m.6 views

CVE-2026-33260 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00524EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 9:39 a.m.28 views

CVE-2026-33260 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS0.00524EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 9:37 a.m.3 views

CVE-2026-33257 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 9:37 a.m.21 views

CVE-2026-33257

The CVE-2026-33257 issue enables an attacker to send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. In the provided documents, no concrete product/vendor/version, root cause details ...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References3Affected Software3
Rows per page
Query Builder