In Kubernetes versions 1.31.11 and prior, 1.32.7 and prior and 1.33.3 and prior a medium severity vulnerability CVE-2025-5187 was detected. This vulnerability allows an attacker to delete their corresponding node object and then recreate it with modified taints or labels. To address this issue, users should upgradeĀ kube-apiserver binary to versions 1.31.12, 1.32.8, 1.33.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5187.
Read more Developer Tools
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.18 a medium severity vulnerability CVE-2025-43773 was detected. This vulnerability allows for improper access through the expandoTableLocalService. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.1, 2025.Q1.15 or 2024.Q1.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43773.
Read more CMS
In Nagios XI versions prior to 2024R1.3.2 a high severity vulnerability CVE-2024-13986 was detected. This vulnerability allows an authenticated attacker to achieve remote code execution by chaining an arbitrary file upload with a path traversal in the Core Config Snapshots interface. To address this issue, users should upgrade Nagios XI to versions 2024R1.3.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13986.
Read more Monitoring
In Next.js versions prior to 14.2.32 and 15.4.7 a medium severity vulnerability CVE-2025-57822 was detected. This vulnerability allows an attacker to perform a Server-Side Request Forgery (SSRF) in self-hosted applications that incorrectly forwarded user-supplied headers. To address this issue, users should upgrade Next.js Middleware to versions 14.2.32 or 15.4.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57822.
Read more Application Development
In Next.js versions before 14.2.31 and from 15.0.0 to before 15.4.5 a medium severity vulnerability CVE-2025-57752 was detected. This vulnerability allows an attacker to access images from API routes that depend on request headers which could be incorrectly cached and served to unauthorized users. To address this issue, users should upgrade Next.js to versions 14.2.31 or 15.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57752.
Read more Application Development
In GitLab CE/EE versions before 18.1.5, 18.2 before 18.2.5 and 18.3 before 18.3.1 a medium severity vulnerability CVE-2025-5101 was detected. This vulnerability allows an authenticated attacker to distribute malicious code that appears harmless in the web interface. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5101.
Read more Developer Tools
In GitLab CE/EE versions 14.1 through 18.1.5, 18.2 through 18.2.5 and 18.3 through 18.3.1 a medium severity vulnerability CVE-2025-4225 was detected. This vulnerability allows an unauthenticated attacker to cause a denial-of-service condition by sending specially crafted GraphQL requests. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4225.
Read more Developer Tools
In GitLab CE/EE versions 8.15 through 18.1.5, 18.2 through 18.2.5 and 18.3 through 18.3.1 a medium severity vulnerability CVE-2025-3601 was detected. This vulnerability allows an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3601.
Read more Developer Tools
In GitLab CE/EE versions before 18.1.5, 18.2 before 18.2.5 and 18.3 before 18.3.1 a medium severity vulnerability CVE-2025-2246 was detected. This vulnerability allows unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. To address this issue, users should upgrade GitLab CE/EE to versions 18.3.1, 18.2.5 or 18.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2246.
Read more Developer Tools