In WP Foodbakery plugin for WordPress versions 3.3 and prior a critical severity vulnerability CVE-2025-0180 was detected. This vulnerability allows attackers to gain administrator access to a WordPress site by exploiting a flaw in the WP Foodbakery plugin, enabling them to register as an admin without authentication. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-0180.
Read more CMS Newsflash Business and Enterprise Solutions
In Wazuh versions starting from 4.4.0 and prior to 4.9.1 a high severity vulnerability CVE-2025-24016 was detected. This vulnerability allows attackers to execute malicious code on Wazuh servers by exploiting a flaw in how data is processed, potentially compromising the server. To fix this issue users should upgrade Wazuh to version 4.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-24016.
Read more Security
In GitLab CE/EE all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2 a medium severity vulnerability CVE-2025-1072 was detected. This vulnerability allows attackers to cause a denial of service by importing maliciously crafted content using the Fogbugz importer. To fix this issue, users should upgrade GitLab CE/EE to versions 17.3.7, 17.4.4, or 17.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-1072.
Read more Developer Tools
In the gitlab-web-ide-vscode-fork component distributed over CDN versions prior to 1.89.1-1.0.0-dev-20241118094343, used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and temporarily affecting versions 17.4, 17.5, and 17.6 a high severity vulnerability CVE-2024-10383 was detected. This vulnerability allows attackers to perform an XSS attack when loading .ipynb files in the web IDE. To fix this issue, users should upgrade to the latest version of gitlab-web-ide-vscode-fork and GitLab. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10383.
Read more Developer Tools
In GitLab versions from 13.6 to 17.2.9, 17.3 to 17.3.5 and 17.4 to 17.4.2 a high severity vulnerability CVE-2024-9631 was detected. This vulnerability causes significant delays in responsiveness when viewing diffs of merge requests with conflicts, affecting workflow efficiency during code reviews. To address this issue, users should upgrade GitLab to versions 17.2.9, 17.3.5, 17.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9631.
Read more Developer Tools
In Discourse versions 3.3.2 and prior on the `stable` branch and 3.4.0.beta3 and prior on the `beta` and `tests-passed` branches a medium severity vulnerability CVE-2024-53851 was detected. This vulnerability allows authenticated users to cause a denial of service by exploiting the endpoint for generating inline oneboxes for URLs. To address this issue, users should upgrade Discourse to version 3.3.3 and later on the `stable` branch or version 3.4.0.beta4 and later on the `beta` and `tests-passed` branches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53851.
Read more Communication
In Git LFS versions prior to 3.6.1 a high severity vulnerability CVE-2024-53263 was detected. This vulnerability allows an attacker to retrieve a user’s Git credentials by inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) into the URL. To address this issue, users should upgrade Git LFS to version 3.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53263.
Read more Developer Tools
In Tripetto plugin for WordPress versions up to 8.0.8 a medium severity vulnerability CVE-2024-13829 was detected. This vulnerability allows unauthenticated attackers to extract sensitive data, including files uploaded via forms, through the ‘attachments.php’ file. To address this issue, users must upgrade to Tripetto version 8.0.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13829.
Read more CMS
In Discourse versions prior to 3.3.3 on the `stable` branch and prior to 3.4.0.beta4 on the `tests-passed` branch a medium severity vulnerability CVE-2024-53266 was detected. This vulnerability allows attackers to execute arbitrary JavaScript via the user’s profile activity streams. To address this issue, users should upgrade Discourse to version 3.3.3 and later on the `stable` branch or version 3.4.0.beta4 and later on the `tests-passed` branches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53266.
Read more Communication