Book a demo

Developer Tools

Selected category
15 Jan 2026
Nexus: Reflected Cross-Site Scripting Vulnerability

In Nexus Repository 3 versions 3.82.0 through 3.87.1 a medium severity vulnerability CVE-2026-0601 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in a victim’s browser via a specially crafted request that requires user interaction, leading to reflected cross-site scripting attacks. To address this issue, users should upgrade Nexus Repository 3 to version 3.88.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0601.

 Read more Newsflash Developer Tools
12 Jan 2026
GitLab: Information Disclosure via Asset Proxy Bypass Using Crafted Images

In GitLab CE/EE versions from 10.3 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a low severity vulnerability CVE-2025-3950 was detected. This vulnerability allows attackers to expose private or personal information by referencing specially crafted images that bypass GitLab’s asset proxy protection mechanisms. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3950.

 Read more Newsflash Developer Tools
12 Jan 2026
GitLab: Stored Cross-Site Scripting via GitLab Flavored Markdown

In GitLab CE/EE versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a high severity vulnerability CVE-2025-9222 was detected. This vulnerability allows an authenticated attacker to perform stored cross-site scripting (XSS) by exploiting improper input neutralization in GitLab Flavored Markdown, leading to the execution of malicious scripts in users’ browsers. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9222.

 Read more Newsflash Developer Tools
5 Jan 2026
Gitea: User Enumeration via Authentication Response Discrepancy

In Gitea versions before 1.25.2 a medium severity vulnerability CVE-2025-69413 was detected. This vulnerability allows attackers to enumerate valid usernames by observing different responses from the /api/v1/user endpoint during failed authentication attempts, depending on whether a username exists. To address this issue, users should upgrade Gitea to version 1.25.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-69413.

 Read more Newsflash Developer Tools
31 Dec 2025
Jenkins: Unauthenticated Remote Code Execution via CLI Deserialization

In Jenkins versions 2.56 and earlier, including LTS 2.46.1 and earlier a critical severity vulnerability CVE-2017-1000353 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary code by sending a serialized Java SignedObject to the Jenkins CLI, bypassing existing blacklist-based protections. To address this issue, users should upgrade Jenkins to version 2.57 or LTS 2.46.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-1000353.

 Read more Newsflash Developer Tools
29 Dec 2025
Gitea: API Token Scope Bypass Allows Unauthorized Access to Private Resources

In Gitea versions before 1.22.3 a medium severity vulnerability CVE-2025-68941 was detected. This vulnerability allows attackers to access private resources by using an API token that is restricted to public scopes, due to improper enforcement of access controls. To address this issue, users should upgrade Gitea to version 1.22.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68941.

 Read more Newsflash Developer Tools
29 Dec 2025
Gitea: Improper Branch Deletion Permission Enforcement After Pull Request Merge

In Gitea versions before 1.22.5 a low severity vulnerability CVE-2025-68940 was detected. This vulnerability allows attackers to delete branches without proper authorization after a pull request has been merged, due to insufficient enforcement of branch deletion permissions. To address this issue, users should upgrade Gitea to version 1.22.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68940.

 Read more Newsflash Developer Tools
29 Dec 2025
Gitea: Attachment Upload Restriction Bypass via Attachment Name Manipulation

In Gitea versions before 1.23.0 a high severity vulnerability CVE-2025-68939 was detected. This vulnerability allows attackers to bypass forbidden file extension restrictions by modifying attachment names through the Attachment API, enabling the upload of potentially dangerous files. To address this issue, users should upgrade Gitea to version 1.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68939.

 Read more Newsflash Developer Tools
29 Dec 2025 DevOps
Gitea: Unauthorized Release Deletion Due to Improper Authorization

In Gitea versions before 1.25.2 a medium severity vulnerability CVE-2025-68938 was detected. This vulnerability allows attackers to delete releases without proper authorization due to insufficient permission checks during the release deletion process. To address this issue, users should upgrade Gitea to version 1.25.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68938.

 Read more Developer Tools