In Metabase versions prior to 0.52.16.4, 1.52.16.4, 0.53.8 and v1.53.8 a low severity vulnerability CVE-2025-30371 was detected. This vulnerability allows circumvention of local link access protection in the GeoJson endpoint, potentially impacting self-hosted instances colocated with unsecured resources. To address this issue, users should upgrade Metabase to versions 0.52.16.4, 1.52.16.4, 0.53.8 or 1.53.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30371.
Read more Data Analytics
In PHP versions 8.1.* before 8.1.32, 8.2.* before 8.2.28, 8.3.* before 8.3.19 and 8.4.* before 8.4.5 a medium severity vulnerability CVE-2025-1217 was detected. This vulnerability causes incorrect parsing of folded HTTP headers in the HTTP request module, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1217.
Read more Web Development
In GitLab CE/EE versions 16.0 before 17.8.6, 17.9 before 17.9.3 and 17.10 before 17.10.1 a medium severity vulnerability CVE-2024-12619 was detected. This vulnerability allows internal users to gain unauthorized access to internal projects. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.1, 17.9.3, 17.8.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12619.
Read more Developer Tools
In Appsmith versions prior to 1.51 a medium severity vulnerability CVE-2024-55604 was detected. This vulnerability allows “App Viewer” users to access a workspace’s datasource list, potentially aiding in reconnaissance, though sensitive data remains secure. To address this issue, users should upgrade Appsmith to versions 1.51 or later For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55604.
Read more Application Development
In Discourse versions before 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch a medium severity vulnerability CVE-2025-24808 was detected. A user close to the group DM limit could bypass the limit by sending multiple requests at once. To address this issue, users should upgrade Discourse to versions 3.3.4 or later, or 3.4.0.beta5 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-24808.
Read more Communication
In Appsmith versions before 1.51 a medium severity vulnerability CVE-2024-55965 was detected. This vulnerability allows attackers with “App Viewer” access to view development information in a workspace, specifically a list of datasources in that workspace. To address this issue, users should upgrade Appsmith to versions 1.51 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55965.
Read more Security
In GitLab Duo with Amazon Q versions 17.8 before 17.8.6, 17.9 before 17.9.3 and 17.10 before 17.10.1 a medium severity vulnerability CVE-2025-2867 was detected. This vulnerability allows attackers to manipulate AI-assisted development features, potentially exposing sensitive project data to unauthorized users. To address this issue, users should upgrade GitLab Duo to versions 17.8.6, 17.9.3 or 17.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2867.
Read more Developer Tools
In Appsmith versions before 1.52 a critical severity vulnerability CVE-2024-55964 was detected. This vulnerability allows attackers to execute remote commands inside the Appsmith Docker container due to an incorrectly configured PostgreSQL instance, requiring the attacker to access Appsmith, log in, create a datasource, create a query, and execute that query. To address this issue, users should upgrade Appsmith to versions 1.52 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55964.
Read more Security
In Appsmith versions before 1.51 a medium severity vulnerability CVE-2024-55963 was detected. This vulnerability allows users without admin permissions to trigger the restart API on Appsmith, causing a denial of service by repeatedly restarting the server due to incorrect access control checks that should verify superuser permissions before processing the request. To address this issue, users should upgrade Appsmith to versions 1.51 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55963.
Read more Security