In GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1, a medium severity vulnerability, CVE-2025-1754, was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to public projects via crafted API requests, potentially resulting in resource abuse and unauthorized content storage. To address this issue, users should upgrade GitLab CE/EE to version 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1754.
Category: Developer Tools

In GitLab CE/EE versions from 17.3 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1, a low severity vulnerability, CVE-2025-2938, was detected. This vulnerability allows authenticated users to gain elevated project privileges by requesting access to projects where a role change during the approval process could unintentionally grant higher permissions. To address this issue, users should upgrade GitLab CE/EE to version 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2938.
Category: Developer Tools

In Discourse versions prior to 3.4.6 (stable) and 3.5.0.beta8-dev (tests-passed), a medium severity vulnerability, CVE-2025-49845, was detected. This vulnerability allows users to continue viewing their own whisper posts even after losing the group-based permission to view such content. To address this issue, users should upgrade Discourse to version 3.4.6 or later (stable) or 3.5.0.beta8-dev (tests-passed). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49845.
Category: Communication

In Vault Community and Vault Enterprise versions prior to 1.20.0, a low severity vulnerability, CVE-2025-4656, was detected. This vulnerability allows Vault operators to trigger denial-of-service (DoS) conditions by cancelling rekey or recovery key operations without proper control. To address this issue, users should upgrade Vault Community Edition to version 1.20.0, and Vault Enterprise to version 1.20.0, 1.19.6, 1.18.11, 1.17.17 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4656.
Category: Security

In Kibana versions up to and including 7.17.28, 8.0.0 up to and including 8.17.7, 8.18.0 up to and including 8.18.2 and 9.0.0 up to and including 9.0.2, a medium severity vulnerability, CVE-2025-25012, was detected. This vulnerability allows attackers to redirect users to untrusted sites and potentially perform server-side request forgery (SSRF) via specially crafted URLs. To address this issue, users should upgrade Kibana to version 7.17.29, 8.17.8, 8.18.3 or 9.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25012.
Category: Data Analytics

In Kanboard versions 1.2.45 and prior, a medium severity vulnerability, CVE-2025-52576, was detected. This vulnerability allows attackers to enumerate valid usernames and bypass IP-based brute-force protection mechanisms such as Fail2Ban or CAPTCHA by abusing trusted HTTP headers and analyzing login behavior. This puts user accounts at higher risk of credential stuffing and brute-force attacks. To address this issue, users should upgrade Kanboard to version 1.2.46. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52576.
Category: Project Management

In Umbraco versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1, a medium severity vulnerability, CVE-2025-49147, was detected. This vulnerability allows unauthenticated attackers to access limited information about the configured password requirements via an anonymous endpoint, which could aid brute-force attacks. To address this issue, users should upgrade Umbraco to version 10.8.11 or 13.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49147.
Category: CMS

In Gogs versions prior to 0.13.3, a critical severity vulnerability, CVE-2024-56731, was detected. This vulnerability allows unprivileged users to delete files under the .git directory and execute arbitrary commands with the privileges of the configured RUN_USER, enabling remote command execution and unauthorized modification of other users' code hosted on the same instance. To address this issue, users should upgrade Gogs to version 0.13.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56731.
Category: Developer Tools

In Kanboard versions prior to 1.2.46, a high severity vulnerability, CVE-2025-52560, was detected. This vulnerability allows attackers to craft malicious password reset links by exploiting an unvalidated Host header when the application_url configuration is unset, potentially leading to account takeover. To address this issue, users should upgrade Kanboard to version 1.2.46 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52560.
Category: Project Management