In GitLab CE/EE versions from 2.1.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a medium severity vulnerability CVE-2025-5996 was detected. This vulnerability allows authenticated attackers to cause a denial of service due to insufficient input validation in HTTP responses. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5996.
Read more Developer Tools
In GitLab EE versions from 12.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a low severity vulnerability CVE-2025-5982 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5982.
Read more Developer Tools
In GitLab CE/EE versions from 17.9 up to and including 17.10.6, 17.11.0 to 17.11.2 and 18.0.0 a medium severity vulnerability CVE-2025-5195 was detected. This vulnerability allows authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5195.
Read more Developer Tools
In GitLab CE/EE versions starting from 18.0 before 18.0.2 a high severity vulnerability CVE-2025-4278 was detected. This vulnerability allows attackers to perform HTML injection in the new search page, which under certain conditions could lead to account takeover. To address this issue, users should upgrade GitLab CE/EE to version 18.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4278.
Read more Developer Tools
In GitLab CE/EE versions from 17.9 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a high severity vulnerability CVE-2025-2254 was detected. This vulnerability allows attackers to perform Cross-Site Scripting (XSS) attacks due to improper output encoding in the snippet viewer functionality. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2254.
Read more Developer Tools
In GeoServer versions prior to 2.25.0 a critical severity vulnerability CVE-2024-34711 was detected. This vulnerability allows attackers to perform XML External Entity (XXE) attacks, enabling them to send GET requests to arbitrary HTTP servers. The flaw lies in improper URI validation in XML entity resolution, which can be exploited to scan internal networks and gather sensitive information. To address this issue, users should upgrade GeoServer to versions 2.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34711.
Read more Database
In GeoServer versions prior to 2.24.4 and 2.25.2 a high severity vulnerability CVE-2024-29198 was detected. This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) via the Demo request endpoint if the Proxy Base URL has not been configured. To address this issue, users should upgrade GeoServer to versions 2.24.4 or 2.25.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-29198.
Read more Database
In Kibana versions before and including 8.12.0 a medium severity vulnerability CVE-2024-43706 was detected. This vulnerability allows attackers to abuse privileges through improper authorization by sending a direct HTTP request to a Synthetic monitor endpoint. To address this issue, users should update Kibana to versions 8.12.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43706.
Read more Data Analytics
In Mattermost versions 10.7.x ≤ 10.7.1, 10.6.x ≤ 10.6.3, 10.5.x ≤ 10.5.4 and 9.11.x ≤ 9.11.13 a medium severity vulnerability CVE-2025-4573 was detected. This vulnerability allows an authenticated administrator with the `PermissionSysconsoleWriteUserManagementGroups` permission to perform LDAP search filter injection through the `PUT /api/v4/ldap/groups/{remote_id}/link` API endpoint when `objectGUID` is improperly validated. To address this issue, users should upgrade Mattermost to versions 10.7.2, 10.6.4, 10.5.5, 9.11.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4573.
Read more Communication