In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-4979 was detected. This vulnerability allows attackers to reveal masked or hidden CI variables in the WebUI (variables they did not create) by adding their own variable and inspecting the HTTP response. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4979.
In GitLab CE/EE versions from 10.2 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-3111 was detected. This vulnerability is due to insufficient input validation in the Kubernetes integration, allowing an authenticated user to cause a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3111.
In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-2853 was detected. This vulnerability stems from insufficient validation, allowing an authenticated user to cause a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2853.
In GitLab CE/EE versions from 18.0 before 18.0.1 a low severity vulnerability CVE-2025-1110 was detected. This vulnerability allows a user with limited permissions to access job data through a crafted GraphQL query under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1110.
In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a high severity vulnerability CVE-2025-0993 was detected. This vulnerability allows an authenticated attacker to cause a denial of service condition by exhausting server resources. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0993.
In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.
In Next.js versions prior to 14.2.24 and 15.1.6 a low severity vulnerability CVE-2025-32421 was detected. This race-condition vulnerability in the Pages Router under certain misconfigurations causes normal endpoints to serve `pageProps` data instead of standard HTML. To address this issue, users should upgrade Next.js to versions 15.1.6 or 14.2.24. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32421.
In Apache Tomcat versions from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98 a critical severity vulnerability CVE-2025-24813 was detected. This vulnerability allows unauthenticated attackers to upload malicious files and execute arbitrary code on the server due to improper handling of file paths containing internal dots (.), which leads to path equivalence issues under specific non-default configurations. To address this issue, users should upgrade Apache Tomcat to versions 11.0.3, 10.1.35, 9.0.99 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24813.
In Apache Tomcat versions from 9.0.76 through 9.0.102, 10.1.10 through 10.1.39 and 11.0.0-M2 through 11.0.5 a high severity vulnerability CVE-2025-31650 was detected. This vulnerability stems from improper input validation of HTTP priority headers, which leads to memory leaks and a potential denial of service (DoS) due to an OutOfMemoryException. To address this issue, users should upgrade Apache Tomcat to versions 9.0.104, 10.1.40 or 11.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31650.