CVE-2026-2900 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or dele...

CVE-2026-2900

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or dele...

CVE-2026-2900

Removed by vendor...

CVE-2026-3607

GitLab CE/EE is affected across versions 18.3–18.11 prior to the fixed releases (18.9.7, 18.10.6, and 18.11.3). An authenticated user with developer-role permissions could bypass package protection rules due to improper access control. The issue has a CVSS v3.1 base score of 4.3 (Medium), with ne...

CVE-2026-6063

GitLab EE vulnerability CVE-2026-6063 affects multiple release lines where an authenticated user with developer permissions could remove code owner approval rules from merge requests due to improper access control. Affected versions include all 11.10.x prior to 18.9.7, 18.10.x prior to 18.10.6, a...

CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Security vulnerabilities exist in versions of GitLab EE from 16.10 to...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 18.3 to 18.9.7, 18.10...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

PT-2026-40860

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.10 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue exists where missing authorization checks could allow an authenticated user with Maintainer...

CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

CVE-2026-44372

CVE-2026-44372 affects Nitro, a server toolkit, with an Open Redirect via a protocol-relative URL bypass in wildcard route rules. Before the patch, a redirect rule using a wildcard could be manipulated to redirect cross-host by sliding an extra slash after the rule prefix. The issue is fixed in N...

CVE-2026-44373

The CVE-2026-44373 issue affects Nitro (server toolkit) where an attacker could bypass a proxy route rule by sending a percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request outside the configured scope. The vulnerability is tied to Nitro’s routeRules proxy handling...

CVE-2026-0235

CVE-2026-0235 is a race-condition vulnerability in Palo Alto Networks Prisma Browser. The description states that a locally authenticated non-admin user can bypass certain access and data control policies due to this race condition. No specific vulnerable components, versions, or root-cause detai...

CVE-2026-0235 Prisma Browser: Access and Data Rule Bypass

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

CVE-2026-41218

When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End...

Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server

Summary If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint /mcp-connect/mcpid does not enforce Access Control Rules ACRs. Any authenticated Obot user who possesses an MCP Server ID can connect to that server...

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a resource management vulnerability in F5 BIG-IP. This vulnerability arises when P...

Nitro 输入验证错误漏洞

Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a vulnerability related to input validation errors. This vulnerability allowed attackers to convert wildcarded redirect rules into cross-host...

PT-2026-40658

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description Undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate when PEM iRules are configured on a...