Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-6883 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records. | 2.6 | 0.15% | 2026-05-14 | 2026-06-17 |
| CVE-2026-6533 | Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.15% | 2026-04-30 | 2026-06-17 |
| CVE-2026-3254 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox. | 3.5 | 0.15% | 2026-04-22 | 2026-06-17 |
| CVE-2026-4527 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection. | 6.5 | 0.15% | 2026-05-14 | 2026-06-17 |
| CVE-2025-1754 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. | 5.3 | 0.15% | 2025-06-26 | 2026-06-17 |
| CVE-2026-15167 | DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | 7.5 | 0.16% | 2026-07-08 | 2026-07-09 |
| CVE-2026-3203 | RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | 5.5 | 0.16% | 2026-02-25 | 2026-06-17 |
| CVE-2026-3202 | NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service | 4.7 | 0.16% | 2026-02-25 | 2026-06-17 |
| CVE-2025-5990 | An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input. | 7.6 | 0.16% | 2025-06-15 | 2026-06-17 |
| CVE-2026-6870 | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.16% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6530 | DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.16% | 2026-04-30 | 2026-06-17 |
| CVE-2026-5405 | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | 7.8 | 0.16% | 2026-04-30 | 2026-06-29 |
| CVE-2026-5403 | SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | 7.8 | 0.16% | 2026-04-30 | 2026-06-29 |
| CVE-2024-6299 | Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date | 4.8 | 0.16% | 2024-06-25 | 2026-06-17 |
| CVE-2026-1282 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. | 3.5 | 0.16% | 2026-02-11 | 2026-06-17 |
| CVE-2026-1094 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. | 4.6 | 0.16% | 2026-02-11 | 2026-06-17 |
| CVE-2026-6515 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions. | 5.4 | 0.16% | 2026-04-22 | 2026-06-17 |
| CVE-2025-11989 | GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions. | 3.7 | 0.16% | 2025-10-26 | 2026-06-17 |
| CVE-2025-14594 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API. | 3.5 | 0.16% | 2026-02-11 | 2026-06-17 |
| CVE-2025-12575 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. | 5.4 | 0.16% | 2026-02-11 | 2026-06-17 |