3428 matches found

NVD
added 2026/03/25 5:16 p.m. | 7 views

CVE-2025-13436

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

CVSS 6.5 | EPSS 0.00417
Exploits: 0 | References: 3

NVD
added 2026/03/25 5:16 p.m. | 1 view

CVE-2025-13078

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

CVSS 6.5 | EPSS 0.00417
Exploits: 0 | References: 3

OSV
added 2026/03/25 5:16 p.m. | 1 view

UBUNTU-CVE-2025-13436

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

CVSS 6.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 2

Cvelist
added 2026/03/25 4:35 p.m. | 20 views

CVE-2025-13078 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

CVSS 6.5 | EPSS 0.00417
Exploits: 0 | References: 3

CVE
added 2026/03/25 4:34 p.m. | 13 views

CVE-2025-13436

GitLab CVE-2025-13436 affects GitLab CE/EE versions 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated user could trigger a Denial of Service via excessive resource consumption when processing certain CI-related inputs. The issue is mitigated by patch releases: 18....

CVSS 6.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/25 4:34 p.m. | 19 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

CVSS 6.5 | EPSS 0.00417
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/25 4:34 p.m. | 3 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

CVSS 6.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 3

Debian CVE
added 2026/03/25 4:34 p.m. | 1 view

CVE-2025-13436

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0

OSV
added 2026/03/25 4:22 p.m. | 3 views

USN-8123-1 mbedtls vulnerabilities

It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-44732) Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...

CVSS 9.8 | AI score 6.1 | EPSS 0.02569
Exploits: 4 | References: 8

CNNVD
added 2026/03/25 12:00 a.m. | 2 views

GitLab Security Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab CE/EE...

CVSS 6.5 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 4

CNNVD
added 2026/03/25 12:00 a.m. | 5 views

Modoboa OS Command Injection Vulnerability

Modoboa is a mail hosting and management platform developed by the Modoboa team. Versions of Modoboa prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the exec_cmd function always running child processes with shell=True, and it...

CVSS 7.2 | AI score 6 | EPSS 0.00566
Exploits: 1 | References: 4

Positive Technologies
added 2026/03/25 12:00 a.m. | 3 views

PT-2026-27804

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 18.8.6; GitLab CE/EE versions 18.9 through 18.9.2; GitLab CE/EE versions 18.10 through 18.10.0. Description: An authenticated user could potentially cause a denial of service due to excessive resource consumption...

CVSS 6.5 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 7

Positive Technologies
added 2026/03/25 12:00 a.m. | 7 views

PT-2026-27803

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.10 through 18.8.6; GitLab CE/EE versions 18.9 through 18.9.2; GitLab CE/EE versions 18.10 through 18.10.0. Description: An authenticated user could potentially cause a denial of service by exploiting excessive resource...

CVSS 6.5 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 6

Snyk
added 2026/03/23 6:16 p.m. | 1 view

Reliance on Untrusted Inputs in a Security Decision

Overview: Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

CVSS 6.9 | AI score 5.9 | EPSS 0.00328
Exploits: 1 | References: 3

Snyk
added 2026/03/23 6:16 p.m. | 1 view

Reliance on Untrusted Inputs in a Security Decision

Overview: Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

CVSS 6.9 | AI score 5.9 | EPSS 0.00328
Exploits: 1 | References: 3

Cvelist
added 2026/03/23 3:50 p.m. | 24 views

CVE-2026-32845 jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVSS 8.4 | EPSS 0.00125
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/23 7:03 a.m. | 5 views

CVE-2026-4598

A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by...

CVSS 8.7 | AI score 5.7 | EPSS 0.004
Exploits: 1 | References: 7

Cvelist
added 2026/03/23 5:00 a.m. | 28 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

CVSS 8.7 | EPSS 0.004
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/23 5:00 a.m. | 6 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

CVSS 8.7 | AI score 5.8 | EPSS 0.004
Exploits: 1 | References: 4

F5 Networks
added 2026/03/23 12:47 a.m. | 8 views

K000160420: Linux kernel vulnerabilities CVE-2025-40154

Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping. When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to...

AI score 5.5 | EPSS 0.00171
Exploits: 0