In Apache HTTP Server version 2.4.64 a medium severity vulnerability CVE-2025-54090 was discovered. This vulnerability causes all RewriteCond expr … conditions to be incorrectly evaluated as true, potentially disrupting expected functionality and allowing unintended access due to misinterpreted conditions. To address this issue, users should update Apache HTTP Server to version 2.4.65. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54090.
Read more Application DevelopmentIn GitLab CE/EE versions starting from 15.4 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-1299 was detected. This vulnerability could allow unauthorized users to read deployment job logs by sending a crafted request. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1299.
Read more Developer ToolsIn GitLab CE/EE versions from 17.9 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-0765 was detected. This vulnerability could allow unauthorized users to access custom service desk email addresses. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0765.
Read more Developer ToolsIn Harbor versions 2.11.2 and below and 2.12.0-rc1 and 2.13.0-rc1 a medium severity vulnerability CVE-2025-32019 was detected. This vulnerability allows attackers to inject cross-site scripting (XSS) code via the markdown field in the info tab page. To address this issue, users should update Harbor to versions 2.12.4 or 2.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32019.
Read more Developer ToolsIn Redis versions up to and including 8.0.3 a medium severity vulnerability CVE-2025-46686 was detected. This vulnerability allows authenticated attackers to cause excessive memory consumption by sending a multi-bulk command with many bulks, even if the command is skipped due to insufficient permissions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46686.
Read more DatabaseIn Mine CloudVod plugin for WordPress versions up to and including 2.1.10 a medium severity vulnerability CVE-2025-8071 was detected. This vulnerability allows Contributor-level users to inject scripts via the ‘audio’ parameter, which execute when a user views the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.
Read more CMSIn authentik versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3 a high severity vulnerability CVE-2025-53942 was identified. This vulnerability allows deactivated OAuth/SAML users to remain in a half-authenticated state, where they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade Authentik to versions 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.
Read more SecurityIn GitLab CE/EE versions from 15.0 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-7001 was discovered. This vulnerability could allow privileged users to access certain resource_group information via the API that should have been restricted. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7001.
Read more Developer ToolsIn GitLab EE versions from 17.0 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-4976 was discovered. This vulnerability, under certain circumstances, could allow an attacker to access internal notes included in GitLab Duo responses. To address this issue, users should upgrade GitLab EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4976.
Read more Developer Tools