In GitLab CE/EE versions from 11.6 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-2614 was detected. This vulnerability allows authenticated users to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed, due to lack of proper throttling or resource limits. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2614.
Read more Developer Tools
In GitLab CE/EE versions from 8.14 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-1477 was detected. This vulnerability allows unauthenticated users to cause a denial of service condition by sending specially crafted payloads to specific integration API endpoints, due to lack of proper resource limits and throttling. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1477.
Read more Developer Tools
In Dolibarr ERP/CRM versions up to and including 3.1.1 and 3.2.0 a critical severity vulnerability CVE-2012-10059 was detected. This vulnerability allows authenticated attackers to execute arbitrary system commands via the database backup feature, due to improper sanitization of the sql_compat parameter in the export.php script. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-10059.
Read more ERP
In GitLab EE versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4 and 18.2 prior to 18.2.2 a medium severity vulnerability CVE-2025-8770 was detected. This vulnerability allows authenticated attackers with specific access to bypass merge request approval policies by manipulating approval rule identifiers. To address this issue, users should upgrade GitLab EE to versions 18.0.6, 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8770.
Read more Developer Tools
In GitLab CE/EE versions from 18.2 before 18.2.2 a high severity vulnerability CVE-2025-7739 was detected. This vulnerability allows authenticated attackers to achieve stored cross-site scripting (XSS) by injecting malicious HTML content in scoped label descriptions. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7739.
Read more Developer Tools
In GitLab CE/EE versions 14.2 through 17.11.x before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 a high severity vulnerability CVE-2025-7734 was detected. This vulnerability allows attackers, under certain conditions, to inject malicious content that could execute actions on behalf of users due to improper neutralization of input during web page generation (Cross-Site Scripting). To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7734.
Read more Developer Tools
In GitLab CE/EE versions from 18.1 before 18.1.4 and 18.2 before 18.2.2 a high severity vulnerability CVE-2025-6186 was detected. This vulnerability allows authenticated attackers to perform account takeover by injecting malicious HTML into work item names, due to improper neutralization of input during web page generation. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6186.
Read more Developer Tools
In Helm, all versions before 3.18.5 a high severity vulnerability CVE-2025-55199 was detected. This vulnerability allows attackers to craft a JSON Schema file in a way that can cause Helm to consume all available memory, leading to an Out of Memory termination. To fix this issue, users should upgrade Helm to version 3.18.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55199.
Read more Developer Tools
In NGINX Open Source and NGINX Plus versions prior to 1.6.1 and built with ngx_mail_smtp_module and configured with smtp_auth method “none,” a medium severity vulnerability CVE-2025-53859 was detected. This vulnerability allows attackers to over-read the NGINX SMTP authentication process memory, potentially leaking arbitrary bytes sent in a request to the authentication server. To fix this issue, users upgrade NGINX to version 1.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53859.
Read more Application Development