In MariaDB Server versions 10.4 through 10.5, 10.6, 10.7 through 10.11, 11.0, and 11.1 through 11.4, a medium-severity vulnerability, CVE-2023-52970, was detected. This vulnerability allows attackers to force MariaDB to crash, making the database unavailable. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-52970.
Category: Newsflash

In NGINX Unit versions prior to 1.34.2 with the Java Language Module in use, a medium-severity vulnerability, CVE-2025-1695, was detected. This vulnerability allows attackers to cause an infinite loop and increase CPU utilization, potentially leading to a limited denial of service (DoS). To address this issue, users should upgrade NGINX Unit to version 1.34.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1695.
Category: Application Development

In NocoDB versions 0.257.9 and prior, a medium-severity vulnerability, CVE-2025-27506, was detected. This vulnerability allows attackers to exploit a reflected cross-site scripting (XSS) flaw in the `/api/v1/db/auth/password/reset/:tokenId` API endpoint, caused by the use of the insecure `<%-` (unescaped output) syntax in the client-side template engine ejs, which is rendered by the function `renderPasswordReset`. To address this issue, users should upgrade NocoDB to version 0.258.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27506.
Category: Database

In Django versions 5.1 prior to 5.1.7, 5.0 prior to 5.0.13, and 4.2 prior to 4.2.20, a medium-severity vulnerability, CVE-2025-26699, was detected. This vulnerability affects the `django.utils.text.wrap()` method and the `wordwrap` template filter, which are susceptible to a potential denial-of-service attack when used with very long strings. To address this issue, users should upgrade Django to version 4.2.20, 5.0.13, or 5.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26699.
Category: Application Development

In GitLab CE/EE for Self-Managed and Dedicated instances, versions 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2, a low-severity vulnerability, CVE-2025-1540, was detected. This vulnerability allows an external user to read and clone internal projects under certain circumstances. To address this issue, users should upgrade GitLab CE/EE to version 17.8.2, 17.7.4, or 17.6.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1540.
Category: Developer Tools

In Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior, a medium-severity vulnerability, CVE-2025-27625, was detected. This vulnerability allows attackers to perform phishing attacks by leveraging redirects that start with backslash (`\`) characters, causing users to be forwarded to unintended sites. To address this issue, users should upgrade Jenkins to version 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27625.
Category: Developer Tools

In Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior, a medium-severity vulnerability, CVE-2025-27624, was detected. This vulnerability allows attackers to exploit cross-site request forgery (CSRF) to manipulate the collapsed/expanded status of side-panel widgets, such as the Build Queue and Build Executor Status widgets. To address this issue, users should upgrade Jenkins to version 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27624.
Category: Developer Tools

In Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior, a medium-severity vulnerability, CVE-2025-27623, was detected. This vulnerability allows attackers with View/Read permission to access the `config.xml` of views via the REST API or CLI and retrieve encrypted values of secrets, as they are not properly redacted. To address this issue, users should upgrade Jenkins to version 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27623.
Category: Developer Tools

In Jenkins versions 2.499 and prior, and LTS 2.492.1 and prior, a medium-severity vulnerability, CVE-2025-27622, was detected. This vulnerability allows attackers with Agent/Extended Read permission to access the `config.xml` of agents via the REST API or CLI and retrieve encrypted values of secrets, as they are not properly redacted. To address this issue, users should upgrade Jenkins to version 2.500 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27622.
Category: Developer Tools