8 matches found

OSV
added 2026/05/14 6:16 a.m., 2 views

UBUNTU-CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

CVSS 8.7, AI score 6.1, EPSS 0.00048
Exploits 0, References 5
Tenable Nessus
added 2026/02/12 12:0 a.m., 4 views

GitLab 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1456)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through...

CVSS 7.5, AI score 6, EPSS 0.00038
Exploits 0, References 5
Tenable Nessus
added 2026/02/12 12:0 a.m., 3 views

GitLab 18.5 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-13781)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify...

CVSS 6.5, AI score 5.7, EPSS 0.00011
Exploits 0, References 5
OSV
added 2026/02/11 11:4 a.m., 3 views

CVE-2026-1282 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles...

CVSS 3.5, AI score 5.5, EPSS 0.00034
Exploits 0, References 6
OSV
added 2026/01/13 9:7 a.m., 3 views

BIT-GITLAB-2025-13761 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially...

CVSS 9.6, AI score 7.5, EPSS 0.00055
Exploits 0, References 4
Positive Technologies
added 2026/01/08 12:0 a.m., 2 views

PT-2026-1714

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.4 through 18.5.4; GitLab EE versions 18.6 through 18.6.2; GitLab EE versions 18.7 through 18.7.0. Description: An authenticated user could potentially access and utilize AI model settings from unauthorized namespaces. This...

CVSS 7.1, AI score 6.7, EPSS 0.00007
Exploits 0, References 10
Tenable Nessus
added 2024/12/11 12:0 a.m., 7 views

Oracle Siebel Server 18.7 <= 19.8 (October 2019 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the October 2019 CPU advisory. - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: EAI. Supported versions that are affected are 19.8 and prior. Easily...

CVSS 5.3, AI score 6.7, EPSS 0.01144
Exploits 0, References 2
CNVD
added 2019/06/19 12:0 a.m., 1 views

Deciso OPNsense Access Control Error Vulnerability

Deciso OPNsense is a FreeBSD-based open source firewall and routing software from Dutch company Deciso. An Access Control Error vulnerability in Deciso OPNsense version 18.7.x prior to 18.7.7, which arises from a network system or product that does not properly restrict access to resources from...

CVSS 6.5, AI score 6.8, EPSS 0.00125
Exploits 0, References 1