|
2571
|
5.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jir…
|
CWE-441
Confused Deputy
|
CVE-2026-3160
|
2026-05-16 12:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2572
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6063
|
2026-05-16 12:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2573
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arb…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6073
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2574
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg…
|
CWE-862
Missing Authorization
|
CVE-2026-6883
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2575
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7377
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2576
|
7.1 |
HIGH
Network
|
datahub
|
datahub
|
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44501
|
2026-05-16 12:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2577
|
5.3 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from `ctx…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-64526
|
2026-05-16 12:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2578
|
7.2 |
HIGH
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in t…
|
CWE-89
SQL Injection
|
CVE-2026-22599
|
2026-05-16 12:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2579
|
6.5 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-22706
|
2026-05-16 12:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2580
|
5.4 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restr…
|
CWE-434
CWE-693
Unrestricted Upload of File with Dangerous Type
Protection Mechanism Failure
|
CVE-2026-22707
|
2026-05-16 12:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
