In GitLab CE/EE versions from 17.11 before 17.11.4 and 18.0 before 18.0.2 a high severity vulnerability CVE-2025-5121 was detected. This vulnerability allows attackers to apply compliance frameworks to projects outside of the intended compliance framework’s group due to a missing authorization check. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5121.
Read more Developer Tools
In GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-2443 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks and bypass content security policy (CSP) protections in the user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2443.
Read more Developer Tools
In GitLab EE versions from 17.0 prior to 17.0.6, 17.1 prior to 17.1.4 and 17.2 prior to 17.2.2 a medium severity vulnerability CVE-2024-7586 was detected. This vulnerability allows authentication credentials to be preserved in the audit logs when webhooks are deleted, potentially exposing sensitive information. To address this issue, users should upgrade GitLab EE to versions 17.0.6, 17.1.4 or 17.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7586.
Read more Developer Tools
In GitLab CE/EE versions from 16.1.0 before 16.11.5, 17.0 before 17.0.3 and 17.1.0 before 17.1.1 a high severity vulnerability CVE-2024-4994 was detected. This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against GitLab’s GraphQL API, enabling the execution of arbitrary GraphQL mutations. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4994.
Read more Developer Tools
In GitLab CE/EE versions from 7.10 before 16.11.5, 17.0 before 17.0.3 and 17.1 before 17.1.1 a medium severity vulnerability CVE-2024-4025 was detected. This vulnerability allows attackers to trigger a Denial of Service (DoS) condition by using a crafted markdown page. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4025.
Read more Developer Tools
In Mattermost versions 10.5.x ≤ 10.5.5, 9.11.x ≤ 9.11.15, 10.8.x ≤ 10.8.0, 10.7.x ≤ 10.7.2 and 10.6.x ≤ 10.6.5 a critical severity vulnerability CVE-2025-4981 was detected. This vulnerability allows authenticated users to write files to arbitrary locations on the filesystem by uploading archives containing path traversal sequences in filenames, potentially leading to remote code execution. This affects instances where file attachments and content extraction are enabled (default configuration). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4981.
Read more Communication
In Euro FxRef Currency Converter plugin for WordPress versions up to and including 2.0.2 a medium severity vulnerability CVE-2025-6257 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the plugin’s currency shortcode due to insufficient input sanitization and output escaping. These scripts execute whenever a user accesses an injected page. To address this issue, users should upgrade Euro FxRef Currency Converter plugin to versions 2.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6257.
Read more CMS
In Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress versions up to and including 19.9.0 a medium severity vulnerability CVE-2025-3880 was detected. This vulnerability allows authenticated users with Contributor access and above to change plugin settings, including the account email or connection status, due to insufficient permission checks. To address this issue, users should upgrade Poll, Survey & Quiz Maker Plugin to versions 19.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3880.
Read more CMS
In the Pixabay Images plugin for WordPress versions up to and including 3.4 a high severity vulnerability CVE-2025-4413 was detected. This vulnerability allows authenticated attackers with Author-level access and above to upload arbitrary files to the affected site’s server due to missing file type validation, which may lead to remote code execution. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4413.
Read more CMS