In the Mine CloudVod plugin for WordPress, versions up to and including 2.1.10, a medium-severity vulnerability, CVE-2025-8071, was detected. Because of insufficient sanitization and escaping, authenticated attackers with Contributor-level access and above can inject web scripts via the ‘audio’ parameter; the scripts execute when a user accesses the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.
Category: CMS

In the Get Youtube Subs plugin for WordPress, versions up to and including 3.5, a medium-severity vulnerability, CVE-2025-7966, was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘channel’, ‘layout’, and ‘subs_count’ parameters due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7966.
Category: CMS

In GitLab CE/EE, versions starting from 15.4 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1, a medium-severity vulnerability, CVE-2025-1299, was detected. This vulnerability could allow unauthorized users to read deployment job logs by sending a crafted request. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1299.
Category: Developer Tools

In GitLab CE/EE, versions from 17.9 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1, a medium-severity vulnerability, CVE-2025-0765, was detected. This vulnerability could allow unauthorized users to access custom service desk email addresses. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0765.
Category: Developer Tools

In Harbor, versions 2.11.2 and below and 2.12.0-rc1 and 2.13.0-rc1, a medium-severity vulnerability, CVE-2025-32019, was detected. This vulnerability allows attackers to inject cross-site scripting (XSS) code via the markdown field in the info tab page. To address this issue, users should update Harbor to versions 2.12.4 or 2.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32019.
Category: Developer Tools

In Redis, versions up to and including 8.0.3, a medium-severity vulnerability, CVE-2025-46686, was detected. This vulnerability allows authenticated attackers to cause excessive memory consumption by sending a multi-bulk command with many bulks, even if the command is skipped due to insufficient permissions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46686.
Category: Database

In the Mine CloudVod plugin for WordPress, versions up to and including 2.1.10, a medium-severity vulnerability, CVE-2025-8071, was detected. This vulnerability allows Contributor-level users to inject scripts via the ‘audio’ parameter, which execute when a user views the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.
Category: CMS

In authentik, versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3, a high-severity vulnerability, CVE-2025-53942, was identified. This vulnerability allows deactivated OAuth/SAML users to remain in a half-authenticated state, where they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade authentik to versions 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.
Category: Security

In GitLab CE/EE, versions from 15.0 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1, a medium-severity vulnerability, CVE-2025-7001, was discovered. This vulnerability could allow privileged users to access certain resource_group information via the API that should have been restricted. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7001.
Category: Developer Tools