In @backstage/plugin-scaffolder-backend versions prior to 2.1.1 a medium severity vulnerability, CVE-2025-55285, was detected. Duplicate logging of input values in the fetch:template action could write template secrets (e.g., ${{ secrets.x }}) into the scaffolder logs, leading to unintended disclosure; there is no impact if no secrets are passed to fetch:template. To address this issue, users should upgrade the scaffolder-backend plugin to version 2.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55285.
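The entry above says there is no impact unless a template passes secrets to fetch:template. The check below is an added example (not code from the page or from the Backstage project): a dependency-free, line-based scan of a scaffolder template that splits spec.steps into steps and reports any fetch:template step whose input references ${{ secrets.* }}. The two embedded templates are constructed for the example; the secret names (registryToken, githubToken) and step ids are assumptions, and the line-based splitting assumes the conventional two-space YAML layout shown.

```python
import re

# Matches a scaffolder secret reference such as ${{ secrets.githubToken }}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)")
ACTION_RE = re.compile(r"^\s*action:\s*([^\s#]+)")
ID_RE = re.compile(r"^\s*-?\s*id:\s*([^\s#]+)")

# Constructed sample: the fetch step passes a secret into fetch:template (the
# pattern the advisory says is exposed by the duplicate logging).
TEMPLATE = """\
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: service-skeleton
spec:
  steps:
    - id: fetch
      action: fetch:template
      input:
        url: ./skeleton
        values:
          name: ${{ parameters.name }}
          registryToken: ${{ secrets.registryToken }}
    - id: publish
      action: publish:github
      input:
        repoUrl: ${{ parameters.repoUrl }}
        token: ${{ secrets.githubToken }}
"""

# Constructed sample: same template with the secret kept out of fetch:template;
# the secret is still used, but only by the publish step.
TEMPLATE_FIXED = TEMPLATE.replace(
    "          registryToken: ${{ secrets.registryToken }}\n", "")


def split_steps(text):
    """Line-based split of spec.steps into per-step line lists (no YAML library needed).

    Assumes each step is a '- ' list item under a 'steps:' key and that nested
    content is indented deeper than the item marker, as in the samples above.
    """
    steps, current, item_indent, steps_indent = [], None, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if steps_indent is None:
            if stripped == "steps:":
                steps_indent = indent
            continue
        if indent <= steps_indent:  # dedented past the steps block: done
            break
        if stripped.startswith("- ") and (item_indent is None or indent == item_indent):
            item_indent = indent      # first list item fixes the step indent
            current = [line]
            steps.append(current)
        elif current is not None:
            current.append(line)      # nested input/values lines of this step
    return steps


def find_secrets_in_fetch_template(text):
    """Return [(step id, action, [secret names])] for fetch:template steps that
    reference ${{ secrets.* }} anywhere in their input."""
    findings = []
    for step in split_steps(text):
        action = next((m.group(1) for ln in step if (m := ACTION_RE.match(ln))), None)
        step_id = next((m.group(1) for ln in step if (m := ID_RE.match(ln))), "?")
        secrets = sorted({name for ln in step for name in SECRET_REF.findall(ln)})
        if action == "fetch:template" and secrets:
            findings.append((step_id, action, secrets))
    return findings


if __name__ == "__main__":
    for label, tpl in (("original", TEMPLATE), ("fixed", TEMPLATE_FIXED)):
        print(label, find_secrets_in_fetch_template(tpl))
```

A non-empty result means the template is in the affected configuration on scaffolder-backend versions before 2.1.1; an empty result means the advisory's no-impact condition holds for that template. The scan is deliberately conservative: it flags any secret reference inside a fetch:template step, including ones passed as a direct input rather than under values.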
In GitLab CE/EE versions from 15.7 before 17.11.6, from 18.0 before 18.0.4 and from 18.1 before 18.1.2 a medium severity vulnerability, CVE-2025-5819, was detected. This vulnerability allows authenticated users with Developer access to obtain ID tokens for protected branches under certain conditions, due to incorrect permission assignment for a critical resource. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5819.
In GitLab CE/EE versions from 13.2 before 18.0.6, from 18.1 before 18.1.4 and from 18.2 before 18.2.2 a medium severity vulnerability, CVE-2025-2937, was detected. This vulnerability allows authenticated users to cause a denial of service condition by sending specially crafted Markdown payloads to the Wiki feature, due to inefficient regular expression complexity. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2937.
In GitLab EE versions from 12.0 before 18.0.6, from 18.1 before 18.1.4 and from 18.2 before 18.2.2 a medium severity vulnerability, CVE-2025-2498, was detected. This vulnerability allows users, under certain conditions, to view issues assigned to them in groups that should be unreachable from their IP address, bypassing IP restrictions due to insufficient granularity of access control. To address this issue, users should upgrade GitLab EE to version 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2498.
In GitLab CE/EE versions from 11.6 before 18.0.6, from 18.1 before 18.1.4 and from 18.2 before 18.2.2 a medium severity vulnerability, CVE-2025-2614, was detected. This vulnerability allows authenticated users to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed, due to a lack of proper throttling or resource limits. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2614.
In GitLab CE/EE versions from 8.14 before 18.0.6, from 18.1 before 18.1.4 and from 18.2 before 18.2.2 a medium severity vulnerability, CVE-2025-1477, was detected. This vulnerability allows unauthenticated users to cause a denial of service condition by sending specially crafted payloads to specific integration API endpoints, due to a lack of proper resource limits and throttling. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1477.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability, CVE-2025-49558, was detected. This vulnerability allows attackers to bypass a security feature by exploiting a time-of-check to time-of-use (TOCTOU) race condition, enabling unauthorized write access. To address this issue, users should upgrade Adobe Commerce to version 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49558.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability, CVE-2025-49554, was detected. This vulnerability allows attackers to cause a denial-of-service (DoS) condition by providing specially crafted input, causing the application to crash or become unresponsive. To address this issue, users should upgrade Adobe Commerce to version 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49554.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability, CVE-2025-49555, was detected. This vulnerability allows attackers to escalate privileges through cross-site request forgery (CSRF) by tricking authenticated users into performing unintended actions, potentially enabling unauthorized access to or modification of sensitive data. Currently, no fix version is listed for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49555.
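The GitLab entries above state affected ranges as "from X before Y" and the Adobe Commerce entries as "<release> and earlier" per release line, and the two notations need different comparison rules. The script below is an added example (not code from the page, GitLab or Adobe) that transcribes the ranges exactly as the entries state them and answers "which of these CVEs apply to the version I run, and what is the listed fix?" for both products. It is a transcription of this page's text only: it does not model the "certain conditions" or CE/EE nuances beyond the edition each entry names, and the sample versions in the main block are constructed.

```python
import re

# ---------- GitLab: "from X before Y" ranges, transcribed from the entries above ----------

def gl_ver(s):
    """'18.1' -> (18, 1, 0); '18.1.3' -> (18, 1, 3)."""
    parts = tuple(int(p) for p in s.split("."))
    return parts + (0,) * (3 - len(parts))

# CVE -> (edition the entry names, [(lower bound inclusive, upper bound exclusive), ...])
GITLAB = {
    "CVE-2025-5819": ("CE/EE", [("15.7", "17.11.6"), ("18.0", "18.0.4"), ("18.1", "18.1.2")]),
    "CVE-2025-2937": ("CE/EE", [("13.2", "18.0.6"), ("18.1", "18.1.4"), ("18.2", "18.2.2")]),
    "CVE-2025-2498": ("EE",    [("12.0", "18.0.6"), ("18.1", "18.1.4"), ("18.2", "18.2.2")]),
    "CVE-2025-2614": ("CE/EE", [("11.6", "18.0.6"), ("18.1", "18.1.4"), ("18.2", "18.2.2")]),
    "CVE-2025-1477": ("CE/EE", [("8.14", "18.0.6"), ("18.1", "18.1.4"), ("18.2", "18.2.2")]),
}

def gitlab_exposure(version, edition="EE"):
    """Sorted list of the CVEs above whose stated ranges contain `version`."""
    v = gl_ver(version)
    hits = []
    for cve, (applies_to, ranges) in GITLAB.items():
        if applies_to == "EE" and edition != "EE":
            continue  # EE-only entry, not relevant to a CE instance
        if any(gl_ver(lo) <= v < gl_ver(hi) for lo, hi in ranges):
            hits.append(cve)
    return sorted(hits)

# ---------- Adobe Commerce: "<release> and earlier", judged per release line ----------

ADOBE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|p)(\d+))?$")
STAGE = {"alpha": -2, "beta": -1, None: 0, "p": 1}   # alpha < beta < GA < patch

def adobe_key(s):
    """'2.4.8-p1' -> (2, 4, 8, 1, 1); '2.4.9-alpha1' -> (2, 4, 9, -2, 1); '2.4.8' -> (2, 4, 8, 0, 0)."""
    m = ADOBE_RE.match(s)
    if not m:
        raise ValueError(f"unrecognised Adobe Commerce version: {s!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), STAGE[stage], int(n or 0))

# Last affected and fixed release on each line, transcribed from the entries above.
ADOBE_LAST_AFFECTED = ["2.4.9-alpha1", "2.4.8-p1", "2.4.7-p6", "2.4.6-p11", "2.4.5-p13", "2.4.4-p14"]
ADOBE_FIXED         = ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7", "2.4.6-p12", "2.4.5-p14", "2.4.4-p15"]
ADOBE = {
    "CVE-2025-49558": ADOBE_FIXED,
    "CVE-2025-49554": ADOBE_FIXED,
    "CVE-2025-49555": None,   # the entry above lists no fix version
}

def adobe_exposure(version):
    """{CVE: status} for `version`, applying the per-line 'and earlier' rule."""
    v = adobe_key(version)
    line = v[:3]
    idx = next((i for i, last in enumerate(ADOBE_LAST_AFFECTED)
                if adobe_key(last)[:3] == line), None)
    oldest_line = adobe_key(ADOBE_LAST_AFFECTED[-1])[:3]
    result = {}
    for cve, fixes in ADOBE.items():
        if idx is None:
            result[cve] = ("affected ('and earlier'); no patched release on this line"
                           if line < oldest_line else
                           "outside the release lines the entries list; not assessed")
        elif v > adobe_key(ADOBE_LAST_AFFECTED[idx]):
            result[cve] = ("not affected" if fixes else
                           "not listed as affected; no fix version given, confirm with the vendor")
        elif fixes is None:
            result[cve] = "affected, no fix version listed"
        else:
            result[cve] = f"affected, upgrade to {fixes[idx]}"
    return result

if __name__ == "__main__":
    # Constructed sample versions, not real deployments.
    print("GitLab EE 18.1.3:", gitlab_exposure("18.1.3"))
    print("GitLab CE 18.1.3:", gitlab_exposure("18.1.3", edition="CE"))
    for ver in ("2.4.8-p1", "2.4.8-p2", "2.4.3-p3"):
        print(f"Adobe Commerce {ver}:", adobe_exposure(ver))
```

Two points a practitioner should keep in mind when running this: the GitLab upper bounds are exclusive, so 18.0.6 itself is not in range, and the Adobe ordering treats a pre-release (alpha, beta) as older than the GA release and a -pN patch as newer, which is what makes 2.4.9-alpha1 compare below 2.4.9-alpha2 and 2.4.8-p1 below 2.4.8-p2.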