In Spring Framework versions 6.2.0 through 6.2.10, 6.1.0 through 6.1.22, and 5.3.0 through 5.3.44 a high severity vulnerability CVE-2025-41249 was detected. The annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics, which could impact authorization decisions if using Spring Security’s @EnableMethodSecurity feature. To fix this problem, users should upgrade to version 6.2.11, 6.1.23, or 5.3.45. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41249.
In Ghost versions 6.0.0 through 6.0.8, and 5.99.0 through 5.130.3 a medium severity vulnerability CVE-2025-9862 was detected. This vulnerability allows attackers to access internal resources through a Server-Side Request Forgery (SSRF) exploit. To fix this problem, users should upgrade to Ghost 5.130.4 or 6.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9862.
Read more CMSIn Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59475 was detected. This vulnerability allows attackers without Overall/Read permission to obtain limited information about Jenkins configuration by listing available options in the user profile dropdown menu. To fix this problem, users should upgrade Jenkins to version 2.528 and Jenkins LTS to version 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59475.
Read more Developer ToolsIn Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59474 was detected. This vulnerability allows attackers without Overall/Read permission to list agent names through the sidepanel executors widget. To fix this problem, users should upgrade Jenkins to version 2.528 and Jenkins LTS to version 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59474.
Read more Developer ToolsIn Liferay Portal versions 7.3.0 through 7.4.3.111, Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-43805 was detected. This vulnerability allows remote attackers to view display page templates via crafted URLs due to missing authorization checks. To fix this problem, users should upgrade to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, Liferay DXP 2023.Q3.5, or Liferay DXP 7.3 U36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43805.
Read more CMSIn Liferay Portal versions 7.4.3.93 through 7.4.3.111, and Liferay DXP versions 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 a high severity vulnerability CVE-2025-43804 was detected. This vulnerability allows attackers to inject arbitrary web script or HTML via the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter. To fix this problem, users should upgrade to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, or Liferay DXP 2023.Q3.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43804.
In GitLab CE/EE versions 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 a high severity vulnerability CVE-2025-2256 was detected. This vulnerability allows unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. To fix this problem, users should upgrade to GitLab 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2256.
Read more Developer ToolsIn GitLab CE/EE versions 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 a medium severity vulnerability CVE-2025-1250 was detected. This vulnerability allows authenticated users to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. To fix this problem, users should upgrade to GitLab 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1250.
Read more Developer Toolsp>In Liferay Portal versions 7.4.0 through 7.4.3.124, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 a medium severity vulnerability CVE-2025-43788 was detected. This vulnerability allows attackers to obtain a list of all organizations because the organization selector does not check user permission. To fix this problem, users should upgrade to Liferay Portal 7.4.3.125, Liferay DXP 2024.Q1.13, Liferay DXP 2024.Q2.1, or Liferay DXP 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43788.
Read more CMS