In GitLab CE/EE versions up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-1677 was detected. This vulnerability allows attackers to trigger a Denial of Service (DoS) by injecting oversized payloads into CI pipeline exports. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1677.
Read more Developer Tools
In GitLab CE/EE versions from 7.7 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-0362 was detected. This vulnerability allows attackers, under certain conditions, to trick users into unintentionally authorizing sensitive actions on their behalf. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0362.
Read more Developer Tools
In GitLab EE versions from 17.1 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2024-11129 was detected. This vulnerability allows attackers to perform targeted searches using sensitive keywords to retrieve the count of issues containing those terms, leading to potential information disclosure. To address this issue, users should upgrade GitLab EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11129.
Read more Developer Tools
In Embedder plugin for WordPress versions 1.3 to 1.3.5 a high severity vulnerability CVE-2025-3417 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check in the ajax_set_global_option() function, enabling them to change the default registration role to administrator and gain administrative access to the site. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3417.
Read more CMS
In ORDER POST plugin for WordPress versions 2.0.2 and prior a high severity vulnerability CVE-2025-2805 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation of values before running do_shortcode. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2805.
Read more CMS
In Feedify plugin for WordPress versions prior to 2.4.6 a high severity vulnerability CVE-2024-13874 was detected. This vulnerability allows attackers to exploit a lack of sanitization and escaping of parameters, leading to Reflected Cross-Site Scripting (XSS) attacks that could target high-privilege users such as administrators. To address this issue, users should upgrade Feedify plugin to versions 2.4.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13874.
Read more CMS
In Helm versions prior to 3.17.3 a medium vulnerability CVE-2025-32387 was detected. This vulnerability allows attackers to craft a deeply nested chain of references within a JSON Schema file in a Helm chart, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. To address this issue, users should upgrade Helm to versions 3.17.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32387.
Read more Developer Tools
In Helm versions prior to 3.17.3 a medium severity vulnerability CVE-2025-32386 was detected. This vulnerability allows attackers to craft a chart archive file that expands significantly when uncompressed (e.g., >800x the compressed size), and when Helm loads this specially crafted chart, it can cause memory exhaustion, leading to the termination of the application. To address this issue, users should upgrade Helm to version 3.17.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32386.
Read more Developer Tools
In Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0 a medium severity vulnerability CVE-2024-52981 was detected. This vulnerability allows attackers to trigger a stack overflow by submitting a Well-Known Text (WKT) formatted string containing deeply nested GeometryCollection objects. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52981.
Read more Data Analytics