In GitLab EE/CE versions 16.9 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2025-0652 was detected. This vulnerability allows unauthorized users to access confidential information intended for internal use only. To address this issue, users should upgrade to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0652.
Read more Developer Tools
In GitLab CE/EE versions before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-13054 was detected. This vulnerability allows an attacker to cause a system reboot under certain conditions, leading to a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13054.
Read more Developer Tools
In GitLab EE/CE versions from 11.5 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-12380 was detected. This vulnerability allows certain user inputs in repository mirroring settings to potentially expose sensitive authentication information. To address this issue, users should upgrade GitLab EE/CE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12380.
Read more Developer Tools
In GitLab EE versions from 17.2 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a low severity vulnerability CVE-2024-8402 was detected. This vulnerability allows a Maintainer to introduce malicious code due to an input validation issue in the Google Cloud IAM integration feature. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8402.
Read more Developer Tools
In GitLab EE versions 12.3 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2025-1257 was detected. This vulnerability allows attackers to cause a denial of service condition by manipulating specific API inputs. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1257.
Read more Developer Tools
In Joomla versions 4.0.0 up to and including 4.4.11, 5.1.0 up to and including 5.2.4 a high severity vulnerability CVE-2025-22213 was detected in the Media Manager. This vulnerability allows users with “edit” privileges to change file extensions to arbitrary values, including .php and other potentially executable extensions, which could lead to unauthorized code execution. To address this issue, users should upgrade Joomla to versions 4.4.12 or 5.2.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-22213.
Read more CMS
In Umbraco versions prior to 15.2.3 and prior to 14.3.3 a medium severity vulnerability CVE-2025-27601 was detected. This vulnerability allows low-privilege, authenticated users to create and update data type information, which should be restricted to users with access to the settings section. To address this issue, users should upgrade Umbraco to versions 15.2.3 or 14.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27601.
Read more CMS
In Umbraco versions prior to 10.8.9 and prior to 13.7.1 a medium severity vulnerability CVE-2025-27602 was detected. This vulnerability allows authenticated backoffice users to retrieve or delete content and media from restricted folders by manipulating backoffice API URLs. To address this issue, users should upgrade Umbraco to versions 10.8.9 and 13.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27602.
Read more CMS
In Workreap plugin for WordPress versions up to and including 3.2.5 a critical severity vulnerability CVE-2024-13446 was detected. This vulnerability allows attackers to escalate privileges through account takeover by exploiting the plugin’s failure to properly validate a user’s identity before performing social auto-login or updating profile details, including password changes, enabling unauthenticated attackers to log in as any user by knowing their email address or change an arbitrary user’s password, including administrators, to gain unauthorized access. To address this issue, users should upgrade Workreap plugin to versions 3.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13446.
Read more CMS