In Keycloak version 21.0.2, a medium-severity vulnerability, CVE-2024-11734, was detected. This vulnerability allows attackers to disrupt the Keycloak service by modifying security headers, causing requests to fail and the service to become unavailable. To fix this issue, users should upgrade Keycloak to version 26.0.8. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11734.
In the RediSearch module, which provides querying, secondary indexing, and full-text search for Redis, versions 2.6.24, 2.8.21, 2.10.10, a high-severity vulnerability, CVE-2024-51737, was detected. This vulnerability allows attackers to trigger a buffer overflow by using specially crafted arguments in the FT.SEARCH or FT.AGGREGATE commands, potentially leading to remote code execution. To fix this issue, users should upgrade the RediSearch module for Redis to versions 2.6.24, 2.8.21, or 2.10.10. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51737.
In MonicaHQ version 4.1.2, a medium-severity vulnerability, CVE-2024-54999, was detected. This vulnerability allows attackers to exploit a Client-Side Injection via the `last_name` parameter in the General Information module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54999.
In MonicaHQ version 4.1.1, a medium-severity vulnerability, CVE-2024-54997, was detected. This vulnerability allows attackers to exploit an authenticated Client-Side Injection via the `entry` text field at `/journal/entries/ID/edit`. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54997.
In GitLab CE/EE versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1, a medium-severity vulnerability, CVE-2025-0194, was detected. This vulnerability allows attackers to access tokens that may have been logged when API requests were made in a specific manner. To address this issue, users should upgrade GitLab CE/EE to versions 17.5.5, 17.6.3, or 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0194.
In GitLab CE/EE versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1, a medium-severity vulnerability, CVE-2024-13041, was detected. This vulnerability allows attackers to bypass user access restrictions, potentially giving unauthorized users access to internal projects or groups in GitLab. To fix this issue, users should upgrade GitLab CE/EE to versions 17.5.5, 17.6.3, or 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-13041.
In GitLab CE/EE versions starting from 15.5 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1, a medium-severity vulnerability, CVE-2024-12431, was detected. This vulnerability allows attackers to change the status of issues in public projects on GitLab, even if they are not authorized. To fix this issue, users should upgrade GitLab CE/EE to versions 15.5, 17.6.3, or 17.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12431.
In Drupal Node Access Rebuild Progressive versions from 7.X-1.0 to before 7.X-1.2, a medium-severity vulnerability, CVE-2024-13249, was detected. This vulnerability allows attackers to influence target behavior via framing. To address this issue, users should upgrade Node Access Rebuild Progressive to version 7.X-1.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13249.
In Vaultwarden versions before 1.32.5, a critical-severity vulnerability, CVE-2024-55225, was detected. This vulnerability allows attackers to impersonate users, including administrators, through a crafted authorization request. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55225.