
9 matches found

RedhatCVE
added last week | 4 views

CVE-2026-2104

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

CVSS 4.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/19 11:5 p.m. | 6 views

CVE-2026-34754

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...

CVSS 4.3 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2026/04/08 11:16 p.m. | 2 views

CVE-2026-2104

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/10 6:56 p.m. | 2 views

CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-23757

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00232
Exploits: 1 | References: 2
Cvelist
added 2025/08/13 5:27 p.m. | 6 views

CVE-2024-12303 Incorrect Privilege Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting...

CVSS 6.7 | EPSS 0.00074
Exploits: 0 | References: 2
CNNVD
added 2024/06/26 12:0 a.m. | 2 views

GitLab Information Disclosure Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. An information disclosure vulnerability exists in GitLab EE, which stems from ...

CVSS 4.3 | AI score 6.6 | EPSS 0.0018
Exploits: 0 | References: 5
OSV
added 2022/05/24 5:40 p.m. | 4 views

GHSA-F38C-WXP6-8XJV MantisBT Missing Authorization access check in bug_actiongroup.php

An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...

CVSS 6.5 | AI score 6.6 | EPSS 0.00212
Exploits: 1 | References: 5
Packet Storm
added 2019/12/02 12:0 a.m. | 270 views

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory. title: Multiple Critical Vulnerabilities; product: SALTO ProAccess SPACE; vulnerable version: = v5.6; CVE number: CVE-2019-19457, CVE-2019-19458, CVE-2019-19459, CVE-2019-19460...

AI score 0.4 | EPSS 0.01838
Exploits: 6