Export limit exceeded: 350976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350976 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6063 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 4.3 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests due to improper access control. | ||||
| CVE-2026-6073 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 8.7 High |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization. | ||||
| CVE-2026-6335 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 5.4 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization. | ||||
| CVE-2026-7377 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 8.7 High |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization. | ||||
| CVE-2026-6883 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 2.6 Low |
| GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records. | ||||
| CVE-2026-29205 | 2 Webpros, Wordpress | 3 Cpanel, Wp Squared, Wordpress | 2026-05-14 | 8.6 High |
| Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints. | ||||
| CVE-2026-32992 | 1 Webpros | 2 Cpanel, Wp Squared | 2026-05-14 | 8.2 High |
| SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials. | ||||
| CVE-2026-32993 | 1 Webpros | 2 Cpanel, Wp Squared | 2026-05-14 | 8.3 High |
| Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response. | ||||
| CVE-2026-3160 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 5.8 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified. | ||||
| CVE-2026-3074 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control. | ||||
| CVE-2026-3073 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to improper authorization checks. | ||||
| CVE-2026-2900 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 2.7 Low |
| GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete project approval rules due to missing authorization checks. | ||||
| CVE-2026-3607 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control. | ||||
| CVE-2026-1338 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization checks. | ||||
| CVE-2026-1322 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 6.8 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to improper authorization. | ||||
| CVE-2026-34187 | 2 Artica, Pandora Fms | 2 Pandora Fms, Pandora Fms | 2026-05-14 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-1184 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 6.5 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation. | ||||
| CVE-2025-14870 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation. | ||||
| CVE-2026-1659 | 1 Gitlab | 1 Gitlab | 2026-05-14 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation. | ||||
| CVE-2026-6474 | 2026-05-14 | 4.3 Medium | ||
| Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||