CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 81100 of 1548 results
«« First « Prev Page 5 / 78 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2020-13341 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. 4.9 1.17% 2020-10-12 2026-06-16
CVE-2020-13342 An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email 2.7 0.87% 2020-10-07 2026-06-16
CVE-2020-13343 An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template 7.5 1.49% 2020-10-06 2026-06-16
CVE-2020-13344 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis 5.7 0.34% 2020-10-08 2026-06-16
CVE-2020-13345 An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes 5.5 0.88% 2020-10-06 2026-06-16
CVE-2020-13346 Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. 6.5 1.32% 2020-10-07 2026-06-16
CVE-2020-13347 A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable. 9.1 2.25% 2020-10-07 2026-06-16
CVE-2020-13348 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 5.7 0.79% 2020-11-17 2026-06-16
CVE-2020-13349 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 4.3 0.90% 2020-11-17 2026-06-16
CVE-2020-13350 CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. 3.1 0.69% 2020-11-17 2026-06-16
CVE-2020-13351 Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. 6.5 1.34% 2020-11-17 2026-06-16
CVE-2020-13352 Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 3.7 1.21% 2020-11-16 2026-06-16
CVE-2020-13353 When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. 2.5 0.27% 2020-11-16 2026-06-16
CVE-2020-13354 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. 4.3 1.42% 2020-11-16 2026-06-16
CVE-2020-13355 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 7.5 1.66% 2020-11-18 2026-06-16
CVE-2020-13356 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 8.2 1.76% 2020-11-18 2026-06-16
CVE-2020-13357 An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. 4.3 0.76% 2020-12-10 2026-06-16
CVE-2020-13358 A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. 4.7 0.32% 2020-11-16 2026-06-16
CVE-2020-13359 The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 7.6 0.76% 2020-11-18 2026-06-16
CVE-2020-13360 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none N/A 0.24% 2020-11-18 2023-11-06
«« First « Prev Page 5 / 78 Next »
cvelogic Threat Intelligence