In the FormCraft plugin for WordPress, versions 3.9.11 and prior, a medium-severity vulnerability, CVE-2024-13783, was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to export all plugin data, potentially exposing sensitive form submissions. To address this issue, users should upgrade the FormCraft plugin to version 3.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13783.
In the Post SMTP plugin for WordPress, versions 3.0.2 and prior, a high-severity vulnerability, CVE-2025-0521, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘from’ and ‘subject’ parameters, which execute whenever a user accesses an injected page. To address this issue, users should upgrade the Post SMTP plugin to version 3.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0521.
In GitLab EE, versions 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2, a medium-severity vulnerability, CVE-2025-1042, was detected. This vulnerability allows attackers to view repositories in an unauthorized way due to an insecure direct object reference. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1042.
In GitLab CE/EE, versions 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2, a medium-severity vulnerability, CVE-2025-1198, was detected. This vulnerability allows revoked Personal Access Tokens to maintain access to streaming results due to long-lived connections in ActionCable. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1198.
In GitLab CE/EE, versions 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2, a medium-severity vulnerability, CVE-2025-1212, was detected. This vulnerability allows attackers to send crafted requests to a backend server to reveal sensitive information. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1212.
In GitLab EE, versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, a medium-severity vulnerability, CVE-2024-3303, was detected. This vulnerability allows attackers to exfiltrate the contents of a private issue using prompt injection. To address this issue, users should upgrade GitLab EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-3303.
In GitLab CE/EE, versions starting from 16.4 prior to 17.5.0, a critical-severity vulnerability, CVE-2024-7102, was detected. This vulnerability allows attackers to trigger a pipeline as another user under certain circumstances. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7102.
In GitLab CE/EE, versions from 17.1 prior to 17.6.0, a medium-severity vulnerability, CVE-2024-8266, was detected. This vulnerability allows attackers with a maintainer role to trigger a pipeline as the project owner under certain circumstances. To address this issue, users should upgrade to version 17.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8266.
In GitLab EE, versions 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2, a medium-severity vulnerability, CVE-2024-9870, was detected. This vulnerability allows attackers to send requests from the GitLab server to unintended services. To address this issue, users should upgrade GitLab EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9870.