{
"Source": "CVE FEED",
"Title": "CVE-2026-3119 - Authenticated query containing a TKEY record may cause named to terminate unexpectedly",
"Content": "CVE ID :CVE-2026-3119
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3119 - Authenticated query containing a TKEY record may cause named to terminate unexpectedly",
"Content": "CVE ID :CVE-2026-3119
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3591 - A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass",
"Content": "CVE ID :CVE-2026-3591
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3591 - A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass",
"Content": "CVE ID :CVE-2026-3591
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3104 - Memory leak in code preparing DNSSEC proofs of non-existence",
"Content": "CVE ID :CVE-2026-3104
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3104 - Memory leak in code preparing DNSSEC proofs of non-existence",
"Content": "CVE ID :CVE-2026-3104
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-1519 - Excessive NSEC3 iterations cause high CPU load during insecure delegation validation",
"Content": "CVE ID :CVE-2026-1519
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: ).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-1519 - Excessive NSEC3 iterations cause high CPU load during insecure delegation validation",
"Content": "CVE ID :CVE-2026-1519
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: ).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-28529 - cryptodev-linux <= 1.14 get_userbuf use after free lpe",
"Content": "CVE ID :CVE-2026-28529
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-28529 - cryptodev-linux <= 1.14 get_userbuf use after free lpe",
"Content": "CVE ID :CVE-2026-28529
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27260 - Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
"Content": "CVE ID :CVE-2025-27260
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson
Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special
Elements vulnerability which, if exploited, can lead to unauthorized
modification of certain information
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27260 - Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
"Content": "CVE ID :CVE-2025-27260
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson
Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special
Elements vulnerability which, if exploited, can lead to unauthorized
modification of certain information
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40841 - Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID :CVE-2025-40841
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead
to unauthorized modification of certain information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-40841 - Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID :CVE-2025-40841
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead
to unauthorized modification of certain information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40842 - Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
"Content": "CVE ID :CVE-2025-40842
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to
unauthorized disclosure and modification of certain information.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-40842 - Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
"Content": "CVE ID :CVE-2025-40842
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to
unauthorized disclosure and modification of certain information.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-51347 - LSC Smart Indoor IP Camera Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2024-51347
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-51347 - LSC Smart Indoor IP Camera Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2024-51347
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-51348 - BS Producten Petcam P2P API Stack-Based Buffer Overflow Remote Code Execution",
"Content": "CVE ID :CVE-2024-51348
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-51348 - BS Producten Petcam P2P API Stack-Based Buffer Overflow Remote Code Execution",
"Content": "CVE ID :CVE-2024-51348
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-51346 - Eufy Homebase 2 Cryptographic Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2024-51346
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-51346 - Eufy Homebase 2 Cryptographic Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2024-51346
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4761 - Unnecessary permissions on private keys of certificates installed by Network and Security Wizard",
"Content": "CVE ID :CVE-2026-4761
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :When
a certificate and its private key are installed in the Windows machine
certificate store using Network and Security tool, access rights to the private
key are unnecessarily
granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
*
Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: .
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4761 - Unnecessary permissions on private keys of certificates installed by Network and Security Wizard",
"Content": "CVE ID :CVE-2026-4761
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :When
a certificate and its private key are installed in the Windows machine
certificate store using Network and Security tool, access rights to the private
key are unnecessarily
granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
*
Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: .
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4760 - Potential unauthorized access to files on the Web HMI server host",
"Content": "CVE ID :CVE-2026-4760
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :From
Panorama Web HMI, an attacker can gain read access to certain Web HMI server
files, if he knows their paths and if these files are accessible to the Servin
process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable
unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher)
and PS-2300-82-3078
(or higher)
are installed
* Installations based on Panorama Suite 2025 (25.00.016)
are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)
are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)
are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: .
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4760 - Potential unauthorized access to files on the Web HMI server host",
"Content": "CVE ID :CVE-2026-4760
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :From
Panorama Web HMI, an attacker can gain read access to certain Web HMI server
files, if he knows their paths and if these files are accessible to the Servin
process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable
unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher)
and PS-2300-82-3078
(or higher)
are installed
* Installations based on Panorama Suite 2025 (25.00.016)
are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)
are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)
are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: .
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-13078 - Improper Validation of Specified Quantity in Input in GitLab",
"Content": "CVE ID :CVE-2025-13078
Published : March 25, 2026, 4:35 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-13078 - Improper Validation of Specified Quantity in Input in GitLab",
"Content": "CVE ID :CVE-2025-13078
Published : March 25, 2026, 4:35 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-13436 - Allocation of Resources Without Limits or Throttling in GitLab",
"Content": "CVE ID :CVE-2025-13436
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-13436 - Allocation of Resources Without Limits or Throttling in GitLab",
"Content": "CVE ID :CVE-2025-13436
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-14595 - Missing Authorization in GitLab",
"Content": "CVE ID :CVE-2025-14595
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-14595 - Missing Authorization in GitLab",
"Content": "CVE ID :CVE-2025-14595
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-1724 - Missing Authentication for Critical Function in GitLab",
"Content": "CVE ID :CVE-2026-1724
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-1724 - Missing Authentication for Critical Function in GitLab",
"Content": "CVE ID :CVE-2026-1724
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2745 - Authentication Bypass Using an Alternate Path or Channel in GitLab",
"Content": "CVE ID :CVE-2026-2745
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2745 - Authentication Bypass Using an Alternate Path or Channel in GitLab",
"Content": "CVE ID :CVE-2026-2745
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2726 - Incorrect Authorization in GitLab",
"Content": "CVE ID :CVE-2026-2726
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2726 - Incorrect Authorization in GitLab",
"Content": "CVE ID :CVE-2026-2726
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2973 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab",
"Content": "CVE ID :CVE-2026-2973
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2973 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab",
"Content": "CVE ID :CVE-2026-2973
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2995 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab",
"Content": "CVE ID :CVE-2026-2995
Published : March 25, 2026, 4:33 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2995 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab",
"Content": "CVE ID :CVE-2026-2995
Published : March 25, 2026, 4:33 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹