14 matches found
CVE-2025-12575
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services throug...
CVE-2025-12073 Server-Side Request Forgery (SSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...
PT-2026-7518
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.0 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: An authenticated user could potentially perform server-side request forgery against internal services by...
Opencast Security Vulnerability
Opencast is software for large-scale automated video capture, management and distribution, with live video support, from the Opencast organization. A security vulnerability exists in Opencast version 18.0 and versions prior to 17.7, which stems from insufficient path traversal protection in the UI...
CVE-2025-5819
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...
CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...
CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...
CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition EE and GitLab Community Edition CE A security vulnerability...
PT-2024-20320 · Zentao · Zentao
Name of the Vulnerable Software and Affected Versions: Zentao versions 18.0 through 18.10 Description: A remote code execution issue was discovered in Zentao, affecting its checkConnection method. The vulnerability can be exploited via the /app/zentao/module/repo/model.php endpoint, allowing for...
PT-2023-1032 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 18.0 and earlier; Adobe InCopy versions 17.4 and earlier. Description: The issue is related to improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation of...
PT-2023-1033 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 18.0 and earlier; Adobe InCopy versions 17.4 and earlier. Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability...
IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2020-54677)
IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
CVE-2020-14708
Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...