CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-24601

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00185EPSS

Exploits0References2

Tenable Nessus•added 2025/08/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain...

5.3CVSS5.5AI score0.00151EPSS

Exploits0References2

Tenable Nessus•added 2025/08/14 12:0 a.m.•5 views

GitLab 18.2 < 18.2.2 (CVE-2025-7739)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scriptin...

8.7CVSS5.6AI score0.00185EPSS

Exploits0References4

NVD•added 2025/08/13 6:15 p.m.•4 views

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...

8.7CVSS0.00185EPSS

Exploits0References2

Cvelist•added 2025/08/13 5:26 p.m.•5 views

CVE-2025-7739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

8.7CVSS0.00185EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 5:40 a.m.•3 views

CVE-2023-0120

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user...

4.3CVSS6.8AI score0.00112EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:27 a.m.•5 views

CVE-2019-15724

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...

6.1CVSS6.3AI score0.00115EPSS

Exploits0References1

Zero Day Initiative•added 2024/04/01 12:0 a.m.•14 views

GitLab Label Description Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of label descriptions. By sending a crafted request, an attacker can consu...

4.3CVSS6.6AI score0.00025EPSS

Exploits0References1

Prion•added 2023/09/01 11:15 a.m.•29 views

Input validation

4CVSS4.5AI score0.00112EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2023/09/01 12:0 a.m.•2 views

PT-2023-16027 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 10.0 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered due to improper permission validation, allowing an unauthorized user to edit label...

4.3CVSS6.7AI score0.00112EPSS

Exploits0References10

ATTACKERKB•added 2022/07/01 5:15 p.m.•2 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

5.3CVSS6AI score0.00151EPSS

Exploits0References3Affected Software1

OSV•added 2022/07/01 5:15 p.m.•2 views

UBUNTU-CVE-2022-1999

5.3CVSS5.7AI score0.00151EPSS

Exploits0References4

OSV•added 2022/07/01 4:6 p.m.•15 views

CVE-2022-1999

3.1CVSS5AI score0.00151EPSS

Exploits0References4

OSV•added 2022/01/13 12:1 a.m.•0 views

GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

5.4CVSS7.2AI score0.02892EPSS

Exploits0References7

ATTACKERKB•added 2022/01/12 8:15 p.m.•4 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...

5.4CVSS6.5AI score0.02892EPSS

Exploits0References4

Prion•added 2019/09/16 5:15 p.m.•16 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...

4.3CVSS6.3AI score0.00115EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/09/16 4:48 p.m.•18 views

CVE-2019-15724

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...

6.8AI score0.00115EPSS

Exploits0References2