|
101
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu…
New
|
CWE-862
Missing Authorization
|
CVE-2025-4202
|
2026-05-16 22:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
8.2 |
HIGH
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-8657
|
2026-05-16 15:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an appli…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8656
|
2026-05-16 15:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-13874
|
2026-05-16 12:38 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject …
Update
|
CWE-94
Code Injection
|
CVE-2025-12669
|
2026-05-16 12:38 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2025-14869
|
2026-05-16 12:38 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-14870
|
2026-05-16 12:38 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause den…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-1184
|
2026-05-16 12:37 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read…
Update
|
CWE-840
Business Logic Errors
|
CVE-2026-1322
|
2026-05-16 12:37 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1338
|
2026-05-16 12:36 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
