Lucene search
K

10 matches found

UbuntuCve
UbuntuCve
added 2025/07/23 6:15 p.m.3 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

8.7CVSS5.8AI score0.00222EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/06/26 6:15 a.m.6 views

CVE-2025-1754

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...

5.3CVSS5.9AI score0.00231EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/06/20 6:15 p.m.5 views

CVE-2025-2443

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

8.7CVSS5.8AI score0.00322EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/06/12 11:15 a.m.6 views

CVE-2025-0673

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...

7.5CVSS6AI score0.00515EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/02/12 4:15 p.m.10 views

CVE-2025-0516

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3CVSS5.9AI score0.00276EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/01/09 7:15 a.m.7 views

CVE-2024-13041

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...

5.4CVSS5.8AI score0.00272EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.15 views

CVE-2024-12292

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...

4CVSS5.8AI score0.00216EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/11/26 7:15 p.m.9 views

CVE-2024-11669

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes...

7.5CVSS5.9AI score0.00504EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/03/28 8:15 a.m.5 views

CVE-2024-2818

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels...

6.5CVSS5.8AI score0.00945EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/11/04 11:15 p.m.11 views

CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

6.5CVSS6.6AI score0.01098EPSS
Exploits0References1
Rows per page
Query Builder