In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.
In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.
In Umbraco versions from 14.0.0 before 14.3.2 and from 15.0.0 before 15.1.2 a medium severity vulnerability CVE-2025-24012 was detected. This vulnerability allows attackers to exploit cross-site scripting (XSS) when viewing certain localized backoffice components. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24012.
In Umbraco version 14.3.1 a medium severity vulnerability CVE-2024-55488 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload, resulting in stored cross-site scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55488.
In Meta Data and Taxonomies Filter plugin for WordPress versions up to and including 1.3.3.6 a medium severity vulnerability CVE-2024-13340 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages via the ‘mdf_results_by_ajax’ shortcode, due to insufficient input sanitization and output escaping on user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13340.
In GitLab CE/EE versions from 17.2 before 17.6.4, 17.7 before 17.7.3 and 17.8 before 17.8.1 a high severity vulnerability CVE-2025-0314 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) due to improper rendering of certain file types. To address this issue, users should upgrade GitLab CE/EE to versions 17.6.4, 17.7.3, or 17.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0314.
In GitLab CE/EE versions from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1 a medium severity vulnerability CVE-2024-11931 was detected. This vulnerability allows attackers with a developer role to exfiltrate protected CI variables under certain conditions via CI lint. To address this issue, users should upgrade GitLab CE/EE to versions 17.6.4, 17.7.3, 17.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11931.
In Keycloak versions 26.1.0 and prior a medium severity vulnerability CVE-2025-0604 was detected. This vulnerability allows attackers to bypass authentication by exploiting a flaw in Active Directory password resets, enabling users with expired or disabled AD accounts to regain access without proper LDAP validation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0604.
In Directus versions prior to 11.2.0 a medium severity vulnerability CVE-2025-24353 was detected. This vulnerability allows attackers to exploit the item sharing feature to specify an arbitrary role, potentially escalating privileges and accessing fields that should otherwise remain hidden. To address this issue, users should upgrade Directus to version 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24353.