42 matches found
CVE-2026-1732 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances...
CVE-2021-22259
A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API...
EUVD-2019-0675
Malware in sbrugna...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-02096)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-02097)
Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...
CVE-2024-54049 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2024-54032 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-9521 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6. Description: The issue is related to the lack of protection of the web page structure in Adobe Connect, allowing a remote attacker to elevate privileges and execute arbitrar...
PT-2024-9523 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.6, 11.4.7 and earlier. Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker may convince a victim to visit a URL referencing a vulnerable page, allowing...
PT-2024-9656 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6. Description: The issue is related to insufficient protection of the web page structure, allowing for a reflected Cross-Site Scripting (XSS) attack. If an attacker can convince...
PT-2024-9655 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6. Description: The issue is related to insufficient protection of the web page structure, allowing a remote attacker to execute arbitrary code. This is a reflected Cross-Site...
PT-2024-9864 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.6, 11.4.7 and earlier. Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker convinces a victim to visit a URL referencing a vulnerable page, malicious JavaScript...
UBUNTU-CVE-2024-4210
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files...
NVIDIA CUDA Toolkit < 12.6 (July 2024)
The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 12.6. It is, therefore, affected by a denial of service vulnerability as referenced in the July 2024 advisory. An unauthenticated, local attacker can exploit this by deceiving a user into reading a malformed ELF file, t...
GitLab 12.6 < 13.6.7 / 13.7 < 13.7.7 / 13.8 < 13.8.4 (CVE-2021-22177)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. CVE-2021-22177 Note th...
BIT-GITLAB-2022-1426
An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed ...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the...
GSD-2022-1006458 information disclosure in Mac OS version 12.6
Bulletin has no description...
GitLab 12.6.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Information Exposure Vulnerability
GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...