In Grafana versions 9.5.0 to 10.3.5, a medium severity vulnerability, CVE-2024-1313, was detected. This vulnerability allows a user from a different organization to delete a snapshot by bypassing authorization using its view key. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1313.
Argo CD users, a critical security flaw in specific versions demands immediate action to prevent unauthorized access. This vulnerability, tied to authentication mechanisms, could allow attackers to bypass login credentials. It’s found in certain session validation configurations, posing a significant risk of unauthorized changes or data access. Review your Argo CD version against official documentation to ensure you’re not vulnerable. Upgrading to the latest version is advised for enhanced security.
Critical security alert for Apache Airflow versions 2.8.2 to 2.8.3: flawed log directory permissions expose systems to potential compromise. Primarily impacting root-run setups, this issue could endanger the entire filesystem. Remedies include operating as a non-root user, upgrading to version 2.8.4 or later, tightening folder permissions, and conducting thorough access reviews. Prompt measures and adherence to security best practices are vital for safeguarding Airflow environments.
In NGINX Open Source versions from 1.5.13 to 1.26.1, a medium severity vulnerability, CVE-2024-7347, was detected. This vulnerability allows attackers to crash NGINX servers by sending a specially designed mp4 file, potentially disrupting website access. To fix this problem, users should upgrade NGINX Open Source to version 1.26.2 or 1.27.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7347.
In Open Journal System versions prior to 3.4.0-6, a medium severity vulnerability, CVE-2024-7902, was detected. This vulnerability allows attackers to redirect users to fake websites when logging out, potentially leading to data theft. To fix this problem, users should upgrade the Open Journal System to version 3.4.0-6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7902.
In GitLab CE/EE versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2, a medium severity vulnerability, CVE-2025-14157, was detected. This vulnerability allows authenticated users to trigger a denial-of-service condition by sending crafted API requests containing excessively large content parameters, leading to uncontrolled resource consumption. To address this issue, users should upgrade GitLab CE/EE to version 18.6.2, 18.5.4 or 18.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14157.
In GitLab CE/EE versions 15.6 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1, a low severity vulnerability, CVE-2025-12734, was detected. This vulnerability allows authenticated users to leak sensitive information by exploiting improper encoding or escaping in specially crafted merge request titles. To address this issue, users should upgrade GitLab CE/EE to version 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12734.
In GitLab CE/EE versions 18.4 prior to 18.4.6, 18.5 prior to 18.5.4, and 18.6 prior to 18.6.2, a high severity vulnerability, CVE-2025-12716, was detected. This vulnerability allows authenticated users to perform unauthorized actions on behalf of other users by creating wiki pages containing malicious content, due to improper neutralization of input during web page generation (XSS). To address this issue, users should upgrade GitLab CE/EE to version 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12716.