Search CVE reports



1 – 10 of 25638 results

Status is adjusted based on your filters.


CVE-2025-5195

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading...

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-0673

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allowing an attacker to trigger an infinite redirect loop, potentially leading to a denial of...

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-5996

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause...

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-4278

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-2254

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality led to cross-site scripting attacks.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-1516

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in token names could be used to trigger a denial of service.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-1478

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in board names could be used to trigger a denial of service.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2025-40912

Medium priority
Not affected

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.

1 affected package

libcryptx-perl

Package 24.04 LTS
libcryptx-perl Not affected

CVE-2025-0913

Medium priority
Ignored

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when...

15 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS
golang Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Ignored
golang-1.22 Ignored
golang-1.23 Ignored
golang-1.24 Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release

CVE-2025-4673

Medium priority
Vulnerable

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information.

15 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS
golang Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Vulnerable
golang-1.23 Needs evaluation
golang-1.24 Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release