Skip to main content
CVE-2026-6976 LOW POC PATCH Monitor

Merge request diff manipulation in GitLab CE/EE allows authenticated users with developer-role permissions to hide file changes from code reviewers by exploiting improper input handling of file names, undermining the integrity of the code review process. Publicly available exploit code exists via HackerOne report #3638136 (tagged 'exploit' in vendor references), though no confirmed active exploitation has been recorded in CISA KEV. The vulnerability spans a broad version range from 15.9 through the patched releases, meaning self-managed GitLab deployments without current patch levels are at risk from malicious insiders or compromised developer accounts bypassing review gates.

Gitlab Authentication Bypass
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-3553 LOW POC PATCH Monitor

Incorrect authorization checks in GitLab CE/EE expose confidential issue details to authenticated low-privileged users under specific conditions. The flaw spans an enormous version range starting from 12.0, meaning a large population of self-hosted GitLab instances running unpatched versions is potentially affected. A publicly available exploit was disclosed via HackerOne (report #3578216), which elevates practical risk above what the low CVSS score of 3.1 alone suggests, even though active exploitation has not been confirmed by CISA KEV.

Gitlab Authentication Bypass
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-41000 LOW PATCH Monitor

Replay attack protections in Spring Web Services are silently ineffective across multiple major branches due to Wss4jSecurityInterceptor failing to wire configured Apache WSS4J ReplayCache instances into the RequestData object at validation time. Operators who believe UsernameToken nonce replay, Timestamp replay, and SAML one-time-use checks are enforced are unknowingly running without those controls. A network-positioned attacker can intercept and replay valid WS-Security tokens - including credentials and SAML assertions - to re-execute previously-authorized SOAP operations, with no public exploit identified at time of analysis and no CISA KEV listing.

Apache Java Information Disclosure Spring Web Services
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-12017 LOW PATCH Monitor

Site isolation bypass in Google Chrome's Extensions implementation (prior to 149.0.7827.115) enables an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. This is a chained exploit primitive - it cannot be weaponized standalone and requires a preceding renderer compromise, limiting its practical severity despite the network delivery vector. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis. The low CVSS score of 3.1 reflects the high attack complexity and constrained confidentiality impact.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-12032 LOW PATCH Monitor

Site isolation bypass in Google Chrome for Android (versions prior to 149.0.7827.115) enables an attacker who has already achieved renderer process compromise to cross origin boundaries via a crafted HTML page, potentially exposing password data managed by the browser's Passwords component. The vulnerability is rooted in CWE-346 (Origin Validation Error) - Chrome's Passwords implementation on Android fails to properly enforce origin checks in the context of a compromised renderer. No public exploit identified at time of analysis; the low CVSS base score of 3.1 reflects that exploitation is dependent on a prior renderer compromise, making this a chained-exploitation concern rather than a standalone critical risk.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-47175 LOW PATCH Monitor

Quest Bot (Discord moderation bot) prior to v1.0.4 allows low-privileged moderators to leverage the bot's elevated Discord mention permissions to send @everyone or @here notifications they are not themselves permitted to send. Moderation commands that echo user-supplied reason text in public channel replies do not suppress Discord's mention parser, creating a permission boundary bypass within the Discord API privilege model. No public exploit code exists and no active exploitation has been confirmed, though the conditions for abuse are operationally common in Discord servers where bots hold mention permissions above their moderating users.

Information Disclosure Quest Bot
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-47188 LOW PATCH Monitor

Unsanitized reason text in Quest Bot's /unban and /unwarn Discord commands enables authenticated moderators to trigger mass pings against all server members. Versions prior to 1.0.5 of this open-source Discord moderation bot pass user-controlled reason strings directly into public bot messages without setting Discord's allowedMentions restriction, unlike other moderation commands that already suppress mention parsing. An attacker with moderator-level Discord permissions can embed @everyone or @here in any ban or warn reason to force mass notification delivery to all guild members. No active exploitation has been confirmed and no public exploit code has been identified at the time of analysis.

Information Disclosure Quest Bot
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy