advisories.gitlab.com

17 curated AppSec resources from advisories.gitlab.com across 6 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.

| Date Added | Year | Resource | Topic | Excerpt |
|------------|------|----------|-------|---------|
| 2026-04-22 | 2026 | CVE-2026-33154: Dynaconf RCE via Insecure Jinja Template Evaluation | SSTI | CVE-2026-33154: Dynaconf RCE via Insecure Jinja Template Evaluation |
| 2026-04-22 | 2026 | CVE-2026-5807: HashiCorp Vault DoS via Unauthenticated Root Token Generation | Secrets | CVE-2026-5807: HashiCorp Vault DoS via Unauthenticated Root Token Generation |
| 2026-04-22 | 2026 | CVE-2026-3605: HashiCorp Vault KVv2 Metadata Policy Bypass (DoS) | Secrets | CVE-2026-3605: HashiCorp Vault KVv2 Metadata Policy Bypass (DoS) |
| 2026-04-22 | 2026 | CVE-2025-64431: IDOR in ZITADEL Organization API Allows Cross-Tenant Tampering | IDOR | CVE-2025-64431: IDOR in ZITADEL Organization API Allows Cross-Tenant Tampering |
| 2026-04-10 | 2026 | CVE-2026-27127: Craft CMS Cloud Metadata SSRF via DNS Rebinding | SSRF | CVE-2026-27127: Craft CMS Cloud Metadata SSRF via DNS Rebinding |
| 2026-04-10 | 2026 | CVE-2026-33728: dd-trace-java Unsafe Deserialization in RMI | Deser | CVE-2026-33728: dd-trace-java Unsafe Deserialization in RMI |
| 2026-04-10 | 2026 | CVE-2026-33439: OpenAM Pre-Auth RCE via Deserialization | Deser | CVE-2026-33439: OpenAM Pre-Auth RCE via Deserialization |
| 2026-04-10 | 2026 | DbGate Stored XSS to RCE in Electron (CVE-2026-34725) | XSS | DbGate Stored XSS to RCE in Electron (CVE-2026-34725) |
| 2026-04-09 | 2026 | FastMCP SSRF & Path Traversal via OpenAPI Provider (CVE-2026-32871) | SSRF | FastMCP SSRF & Path Traversal via OpenAPI Provider (CVE-2026-32871) |
| 2026-04-09 | 2026 | Docker Model Runner SSRF in OCI Registry (CVE-2026-33990) | SSRF | Docker Model Runner SSRF in OCI Registry (CVE-2026-33990) |
| 2026-04-09 | 2026 | AVideo SSRF Protection Bypass via Extension Allowlist (CVE-2026-39370) | SSRF | AVideo SSRF Protection Bypass via Extension Allowlist (CVE-2026-39370) |
| 2026-04-09 | 2026 | AVideo Stored SSRF via Live Restream Log Callback (CVE-2026-39368) | SSRF | AVideo Stored SSRF via Live Restream Log Callback (CVE-2026-39368) |
| 2026-04-09 | 2026 | mcp-from-openapi SSRF via $ref Dereferencing (CVE-2026-39885) | SSRF | mcp-from-openapi SSRF via $ref Dereferencing (CVE-2026-39885) |
| 2026-04-09 | 2026 | Directus SSRF Bypass via IPv4-Mapped IPv6 Addresses (CVE-2026-35409) | SSRF | Directus SSRF Bypass via IPv4-Mapped IPv6 Addresses (CVE-2026-35409) |
| 2026-04-09 | 2026 | Payload CMS Authenticated SSRF via Upload (CVE-2026-34746) | SSRF | Payload CMS Authenticated SSRF via Upload (CVE-2026-34746) |
| 2026-04-09 | 2026 | Ech0: Unauthenticated SSRF to Cloud Metadata (CVE-2026-35037) | SSRF | Ech0: Unauthenticated SSRF to Cloud Metadata (CVE-2026-35037) |
| 2026-04-09 | 2026 | Craft CMS Cloud Metadata SSRF Bypass via IPv6 (CVE-2026-27129) | SSRF | Craft CMS Cloud Metadata SSRF Bypass via IPv6 (CVE-2026-27129) |