CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source): [email protected]

Showing 120 of 122 results
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-13275 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 8.0 | 1.04% | 2020-06-19 | 2026-06-16 |
| CVE-2020-13279 | Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 8.6 | 1.20% | 2020-06-22 | 2026-06-16 |
| CVE-2020-13292 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 9.6 | 1.00% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13291 | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 | 0.96% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13299 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 8.1 | 1.23% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13300 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 8.0 | 1.29% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13321 | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. | 8.3 | 1.40% | 2020-09-30 | 2026-06-16 |
| CVE-2020-13347 | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable. | 9.1 | 2.25% | 2020-10-07 | 2026-06-16 |
| CVE-2020-13340 | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 8.7 | 68.64% | 2020-10-08 | 2026-06-16 |
| CVE-2020-13356 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 8.2 | 1.76% | 2020-11-18 | 2026-06-16 |
| CVE-2021-22192 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 9.9 | 13.11% | 2021-03-24 | 2026-06-16 |
| CVE-2021-22195 | Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | 8.6 | 1.14% | 2021-04-01 | 2026-06-16 |
| CVE-2021-22201 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | 9.6 | 3.07% | 2021-04-02 | 2026-06-16 |
| CVE-2021-22190 | A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | 8.5 | 1.32% | 2021-04-12 | 2026-06-16 |
| CVE-2021-22205 (KEV) | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | 10.0 | 99.73% | 2021-04-23 | 2026-06-16 |
| CVE-2021-22213 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | 8.8 | 1.67% | 2021-06-08 | 2026-06-16 |
| CVE-2021-22241 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | 8.7 | 0.99% | 2021-08-05 | 2026-06-16 |
| CVE-2021-22234 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. | 9.6 | 1.00% | 2021-08-05 | 2026-06-16 |
| CVE-2021-22242 | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 8.7 | 63.55% | 2021-08-25 | 2026-06-16 |
| CVE-2021-39885 | A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names | 8.7 | 0.95% | 2021-10-04 | 2026-06-17 |
cvelogic Threat Intelligence