In GitLab CE/EE versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-9958 was detected. This issue could allow Guest users to access sensitive information stored in virtual registry configurations. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9958.
Read more Developer ToolsIn GitLab CE/EE versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-9642 was detected. This issue could allow an attacker to inject malicious content through cross-site scripting (XSS), potentially leading to account takeover. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9642.
Read more Developer ToolsIn GitLab CE/EE versions from 17.2 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-11042 was detected. This vulnerability allows attackers to cause uncontrolled CPU consumption through specific GraphQL queries, potentially resulting in a Denial of Service (DoS) condition. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11042.
Read more Developer ToolsIn GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10871 was detected. This vulnerability allows Project Maintainers to exploit missing authorization checks and assign custom roles with permissions exceeding their own, effectively escalating their privileges. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10871.
Read more Developer ToolsIn GitLab CE/EE versions from 17.4 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10868 was detected. This vulnerability allows attackers to exploit certain string conversion methods, causing performance degradation when processing large inputs. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10868.
Read more Developer ToolsIn GitLab CE/EE versions from 18.1 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a low severity vulnerability CVE-2025-10867 was detected. This vulnerability allows authenticated users to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10867.
Read more Developer ToolsIn GitLab CE/EE versions before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-10858 was detected. This vulnerability allows unauthenticated users to cause a Denial of Service (DoS) condition by uploading specially crafted large JSON files. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10858.
Read more Developer ToolsIn Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59476 was detected. This vulnerability allows attackers to forge log entries by injecting line break characters into user-controlled log message content, potentially misleading administrators reviewing logs. To address this issue users must upgrade to Jenkins weekly 2.528 and to Jenkins LTS 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59476.
Read more Developer ToolsIn Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59475 was detected. This vulnerability allows attackers without Overall/Read permission to obtain limited information about Jenkins configuration by listing available options in the user profile dropdown menu. To fix this problem, users should upgrade Jenkins to version 2.528 and Jenkins LTS to version 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59475.
Read more Developer Tools