In Drupal versions 8.0.0 to 10.3.12, 10.4.0 to 10.4.2, 11.0.0 to 11.0.11 and 11.1.0 to 11.1.2 a high severity vulnerability CVE-2025-31673 was detected. This vulnerability allows attackers to bypass authorization checks and access content they should not have permission to view, potentially leading to unauthorized data exposure. To address this issue, users should upgrade Drupal core to versions 10.3.13, 10.4.3, 11.0.12 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31673.
Read more CMS
In Drupal versions 8.0.0 to 10.3.12, 10.4.0 to 10.4.2, 11.0.0 to 11.0.11 and 11.1.0 to 11.1.2 a high severity vulnerability CVE-2025-31674 was detected. This vulnerability allows attackers to perform object injection by improperly modifying dynamically-determined object attributes, which can lead to unauthorized access and manipulation of sensitive data. To address this issue, users should upgrade Drupal Core to versions 10.3.13, 10.4.3, 11.0.12, 11.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31674.
Read more CMS
In Drupal versions 8.0.0 to 10.3.13, 10.4.0 to 10.4.4, 11.0.0 to 11.0.12 and 11.1.0 to 11.1.4 a low severity vulnerability CVE-2025-31675 was detected. This vulnerability allows attackers to execute arbitrary JavaScript in the context of the user’s browser through improper neutralization of input during web page generation. This can lead to session hijacking, data theft, or website defacement. To address this issue, users should upgrade Drupal Core to versions 10.3.14, 10.4.5, 11.0.13, 11.1.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31675.
Read more CMS
In MLflow versions 2.13.2 a medium severity vulnerability CVE-2024-6838 was detected. This vulnerability allows an attacker to create or rename an experiment with an excessively long numeric name, causing the MLflow UI to become unresponsive, potentially leading to a denial of service. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6838.
Read more Data Analytics
In GitLab versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1 a medium severity vulnerability CVE-2024-10307 was detected. This vulnerability allows attackers to cause uncontrolled CPU consumption by submitting a maliciously crafted file when viewing the associated merge request. To address this issue, users should upgrade GitLab to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10307.
Read more Application Development
In Cal.com versions up to and including 1.0.0 a medium severity vulnerability CVE-2025-31604 was detected. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks by improperly neutralizing script-related HTML tags in a web page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-31604.
Read more Productivity
In Open Webui versions 0.3.32 a high severity vulnerability CVE-2024-12537 was detected. This vulnerability allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request with excessive content, the server could become unresponsive or experience significant performance degradation, potentially causing service interruptions for legitimate users. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-12537.
Read more Security
In Open Webui versions 0.3.8 a critical severity vulnerability CVE-2024-7053 was detected. This vulnerability allows an attacker with a user-level account to hijack an administrator’s session by exploiting weak session cookie settings, enabling account takeover and potentially remote code execution (RCE) through a malicious image embedded in a chat that steals the admin’s session cookie. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7053.
Read more Security
In Appsmith versions prior to 1.51 a medium severity vulnerability CVE-2024-55604 was detected. This vulnerability allows “App Viewer” users to access a workspace’s datasource list, potentially aiding in reconnaissance, though sensitive data remains secure. To address this issue, users should upgrade Appsmith to versions 1.51 or later For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55604.
Read more Application Development