In GitLab EE versions 16.6 prior to 16.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a high severity vulnerability CVE-2025-0555 was detected. This vulnerability allows attackers to bypass security controls and execute arbitrary scripts in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0555.
In MinIO versions starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z a medium severity vulnerability CVE-2025-27414 was detected. This vulnerability allows attackers to bypass authentication and gain unauthorized data access by exploiting a bug in evaluating the trust of the SSH key used in an SFTP connection. To address this issue, users should upgrade MinIO to version RELEASE.2025-02-28T09-55-16Z. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27414.
In Odoo Community version 15.0 and Odoo Enterprise version 15.0 a high severity vulnerability CVE-2024-12368 was detected. This vulnerability allows an internal user to export the OAuth tokens of other users. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12368.
In WP Posts Carousel plugin for WordPress versions 1.3.7 and prior a medium severity vulnerability CVE-2025-1491 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses the injected page, due to insufficient input sanitization and output escaping in the ‘auto_play_timeout’ parameter. To address this issue, users should upgrade WP Posts Carousel plugin to versions 1.3.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1491.
In GenerateBlocks plugin for WordPress versions 1.9.1 and prior a medium severity vulnerability CVE-2024-13546 was detected. This vulnerability allows attackers with Contributor-level access and above to extract sensitive information, including the content of private, draft, and scheduled posts and pages, via the ‘get_image_description’ function. To address this issue, users should upgrade GenerateBlocks plugin to versions 2.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13546.
In Academist Membership plugin for WordPress versions 1.1.6 and prior a critical severity vulnerability CVE-2025-1671 was detected. This vulnerability allows unauthenticated attackers to escalate their privileges and log in as any user, including site administrators, due to improper identity verification in the academist_membership_check_facebook_user() function. To address this issue, users should upgrade Academist Membership plugin to versions 1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1671.
In Mattermost versions 10.4.x ≤ 10.4.1, 9.11.x ≤ 9.11.7, 10.3.x ≤ 10.3.2, and 10.2.x ≤ 10.2.2 a critical severity vulnerability CVE-2025-24490 was detected. This vulnerability allows attackers to retrieve sensitive data from the database via SQL injection due to the failure to use prepared statements when reordering specially crafted board categories. To address this issue, users should upgrade Mattermost to versions 9.0.5 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24490.
In Combodo iTop versions prior to 2.7.12, 3.1.2 and 3.2.0 a medium severity vulnerability CVE-2025-27139 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks when the preferences page is opened. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.2, 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27139.
In Mastodon versions prior to 4.1.23, 4.2.16 and 4.3.4 a medium severity vulnerability CVE-2025-27399 was detected. This vulnerability allows unapproved users to view domain block reasons when the visibility is set to “To logged-in users,” potentially exposing sensitive moderation details. To address this issue, users should upgrade Mastodon to versions 4.1.23, 4.2.16 or 4.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27399.