Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps
  • Developer Tools

Developer Tools

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    30 May 2025 DevOps
    Argo CD: Cross-Site Scripting Vulnerability Allowing Arbitrary Actions via API

    In Argo CD versions prior to 2.13.8, 2.14.13 and 3.0.4 a critical severity vulnerability CVE-2025-47933 was detected. This vulnerability allows attackers with repository edit permissions to perform arbitrary actions on behalf of victims through a cross-site scripting (XSS) flaw caused by improper filtering of URL protocols on the repository page. To address this issue, users should upgrade Argo CD to versions 2.13.8, 2.14.13, 3.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47933.

    Read more
    Developer Tools
    30 May 2025 DevOps
    Gitlab: Cross-Site Scripting and Content Security Policy Bypass

    In GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1763 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks and bypass content security policies in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5, 17.11.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1763.

    Read more
    Developer Tools
    26 May 2025 DevOps
    GitLab: Exposure of Full Email Addresses to Unauthorized Users

    In GitLab CE/EE versions from 17.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0679 was detected. This issue allows unauthorized users to view full email addresses that should be partially obscured under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0679.

    Read more
    Developer Tools
    26 May 2025 DevOps
    GitLab: 2FA Bypass via Group Access Controls

    In GitLab CE/EE versions from 16.8 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0605 was detected. This issue allows certain users to bypass two-factor authentication requirements due to improper group access controls. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0605.

    Read more
    Developer Tools
    26 May 2025 DevOps
    GitLab: 2FA Bypass via Improper XPath Validation in SAML Responses

    In GitLab CE/EE versions from 11.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-12093 was detected. This issue allows a modified SAML response to bypass two-factor authentication requirements under specific conditions due to improper XPath validation. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12093.

    Read more
    Developer Tools
    26 May 2025 DevOps
    GitLab: Branch Name Confusion in Confidential Merge Requests

    In GitLab CE/EE versions from 12.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a low severity vulnerability CVE-2024-9163 was detected. A business logic flaw allows an attacker to cause branch name confusion in confidential merge requests. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9163.

    Read more
    Developer Tools
    26 May 2025 DevOps
    GitLab: DoS via Discord Webhook Integration

    In GitLab CE/EE versions from 11.6 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-7803 was detected. This issue allows a Discord webhook integration to potentially cause a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7803.

    Read more
    Developer Tools
    23 May 2025 DevOps
    GitLab: DoS via Resource Exhaustion by Authenticated User

    In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a high severity vulnerability CVE-2025-0993 was detected. This vulnerability allows an authenticated attacker to cause a denial of service condition by exhausting server resources. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0993.

    Read more
    Developer Tools
    23 May 2025 DevOps
    GitLab: Exposure of Masked CI Variables via WebUI

    In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-4979 was detected. This vulnerability allows attackers to reveal masked or hidden CI variables in the WebUI (variables they did not create) by adding their own variable and inspecting the HTTP response. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4979.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy