聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-8330 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint. | 4.4 | 0.12% | 2026-06-25 | 2026-06-25 |
| CVE-2026-5952 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protected Maven package metadata due to incorrect authorization checks. | 4.3 | 0.21% | 2026-06-25 | 2026-06-25 |
| CVE-2026-5796 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the Package Registry disabled due to incorrect authorization checks in the group packages feature. | 4.3 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-5309 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without authorization. | 5.4 | 0.17% | 2026-06-25 | 2026-06-25 |
| CVE-2026-3176 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization checks. | 3.1 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-2238 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks. | 5.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-1606 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation. | 4.3 | 0.22% | 2026-06-25 | 2026-06-25 |
| CVE-2026-12635 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation. | 0.0 | 0.17% | 2026-06-25 | 2026-06-25 |
| CVE-2026-12053 | GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows. | 8.6 | 0.33% | 2026-06-25 | 2026-06-25 |
| CVE-2026-11379 | GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions. | 5.3 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-10712 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions. | 8.0 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-10086 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session, due to improper sanitization of user-supplied input. | 8.7 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-0934 | GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configurations despite CI/CD visibility being disabled for the project. | 3.8 | 0.20% | 2026-06-25 | 2026-06-25 |
| CVE-2025-8106 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 无 | 2026-06-24 | 2026-06-24 |
| CVE-2026-11968 | Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit | 5.5 | 0.12% | 2026-06-24 | 2026-06-25 |
| CVE-2026-6716 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 无 | 2026-06-18 | 2026-06-18 |
| CVE-2026-10746 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 无 | 2026-06-18 | 2026-06-18 |
| CVE-2026-8317 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 无 | 2026-06-17 | 2026-06-17 |
| CVE-2026-9694 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template processing. | 2.6 | 0.21% | 2026-06-11 | 2026-06-17 |
| CVE-2026-9204 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs. | 5.3 | 0.22% | 2026-06-11 | 2026-06-17 |