GitLab CE/EE versions 8.3 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 are affected by CVE-2025-7449, a medium-severity vulnerability that allows authenticated users with specific permissions to cause a denial of service (DoS) through HTTP response processing. To address this issue, upgrade GitLab to version 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7449.
GitLab CE/EE versions 17.10 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 are affected by CVE-2025-12571, a high-severity vulnerability that allows unauthenticated users to cause a denial of service (DoS) by sending specially crafted requests containing malicious JSON payloads. To address this issue, upgrade GitLab to version 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12571.
GitLab EE versions 13.7 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 are affected by CVE-2025-6195, a medium-severity vulnerability that could allow authenticated users to view information from security reports under certain configuration conditions. To address this issue, upgrade GitLab to version 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6195.
GitLab CE/EE versions 13.2 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 are affected by CVE-2025-13611, a low-severity vulnerability that allows authenticated users with access to certain logs to obtain sensitive tokens under specific conditions, because sensitive information is written to log files without being redacted. To address this issue, upgrade GitLab to version 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13611.
GitLab CE/EE versions 18.3 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 are affected by CVE-2025-12653, a medium-severity vulnerability that could allow unauthenticated users to join arbitrary organizations by manipulating headers in certain requests under specific conditions. To address this issue, upgrade GitLab to version 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12653.
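The five GitLab advisories above share the same patched releases but start at different versions, and one of them applies to EE only, so the practical check is "which of these CVEs is my instance exposed to?". The following is an added example, not GitLab's own code or tooling: it encodes the affected ranges exactly as the advisories state them and tests a reported version string against them. The version strings passed in are constructed inputs; the handling of a `-ee`/`-ce` suffix on reported versions is an assumption about how the version is read off an instance.

```python
"""Check a GitLab version against the affected ranges stated in the advisories
for CVE-2025-7449, CVE-2025-12571, CVE-2025-6195, CVE-2025-13611 and CVE-2025-12653.

Added example, not GitLab's code. Ranges are copied from the advisory text.
"""
from typing import List, Tuple

Version = Tuple[int, int, int]

# (CVE, first affected release, fixed release per patched branch, editions affected)
ADVISORIES = [
    ("CVE-2025-7449",  "8.3",   ["18.4.5", "18.5.3", "18.6.1"], ("CE", "EE")),
    ("CVE-2025-12571", "17.10", ["18.4.5", "18.5.3", "18.6.1"], ("CE", "EE")),
    ("CVE-2025-6195",  "13.7",  ["18.4.5", "18.5.3", "18.6.1"], ("EE",)),
    ("CVE-2025-13611", "13.2",  ["18.4.5", "18.5.3", "18.6.1"], ("CE", "EE")),
    ("CVE-2025-12653", "18.3",  ["18.4.5", "18.5.3", "18.6.1"], ("CE", "EE")),
]


def parse_version(s: str) -> Version:
    """'18.4.4' -> (18, 4, 4); '17.10' -> (17, 10, 0).

    A trailing '-ee' / '-ce' (as in '18.5.2-ee') is dropped; this is an
    assumption about how the version string is reported by an instance.
    """
    core = s.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str, first_affected: str, fixed: List[str]) -> bool:
    """True if `version` falls inside the advisory's affected range.

    The advisory wording "A through X.Y.Z, P.Q through P.Q.R, S.T before S.T.U"
    means: every release from A up to the fix on the oldest patched branch,
    plus the unpatched releases of each newer branch that received a fix.
    Branches newer than the newest fixed branch are not listed as affected.
    """
    v = parse_version(version)
    if v < parse_version(first_affected):
        return False
    fixed_versions = sorted(parse_version(f) for f in fixed)
    for fv in fixed_versions:
        if fv[:2] == v[:2]:          # same major.minor branch as a fixed release
            return v < fv
    newest_branch = fixed_versions[-1][:2]
    return v[:2] < newest_branch     # older, unpatched branch -> affected


def exposed_cves(version: str, edition: str = "EE") -> List[str]:
    """CVE IDs from ADVISORIES that an instance of this version/edition is exposed to."""
    return [
        cve for cve, first, fixed, editions in ADVISORIES
        if edition in editions and is_affected(version, first, fixed)
    ]


if __name__ == "__main__":
    # Constructed sample inputs, not real instance data.
    for sample in ("18.4.4-ee", "18.5.2-ce", "18.6.0", "18.6.1", "17.9.5", "18.2.0"):
        print(sample, "->", exposed_cves(sample, "CE" if sample.endswith("-ce") else "EE"))
```

The edition matters: CVE-2025-6195 is reported against EE only, so a CE instance on 18.4.4 is listed for four of the five CVEs, while an EE instance on the same version is listed for all five. Any version that resolves to an empty list is on or past the fixed release for every advisory on the page.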
The Webform Multiple File Upload module for Drupal 7.x is affected by CVE-2025-12848, a high-severity vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by uploading a file with a malicious filename when file type validation is disabled on a Webform Multifile field. The issue originates in a third-party library used by the module. To address this issue, update the module to version 7.x-1.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12848.
OpenSearch versions prior to 3.2.0 are affected by CVE-2025-9624, a high-severity vulnerability that allows attackers to cause a denial of service (DoS) by submitting complex query_string inputs that trigger excessive resource consumption. To address this issue, upgrade OpenSearch to version 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9624.
The YouTube Subscribe plugin for WordPress, in versions up to and including 3.0.0, is affected by CVE-2025-12025, a medium-severity stored cross-site scripting vulnerability that allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts via the admin settings; the scripts execute when users access the affected pages. This issue affects only multi-site installations or sites where the unfiltered_html capability has been disabled. To address this issue, upgrade the plugin to version 3.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12025.
The Wishlist for WooCommerce plugin, in versions up to and including 1.0.9, is affected by CVE-2025-12040, a medium-severity vulnerability that allows unauthenticated attackers to modify other users' wishlists, because several functions in class-th-wishlist-frontend.php do not validate a user-controlled key against the requesting user. To address this issue, upgrade the plugin to version 1.1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12040.