GitLab CE/EE versions 16.7 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1 contain a medium severity vulnerability CVE-2025-2615. This vulnerability could allow a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2615.
The Coil Web Monetization plugin for WordPress versions up to and including 2.0.2 contains a medium severity vulnerability, CVE-2025-9625. This vulnerability is caused by missing or incorrect nonce validation on the coil-get-css-selector parameter in the maybe_restrict_content function, allowing unauthenticated attackers to trigger CSS selector detection via a forged request if a site administrator is tricked into clicking a malicious link. To address this issue, users should upgrade the plugin to version 2.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9625.
The RTMKit Addons for Elementor plugin for WordPress versions up to and including 1.6.1 contains a medium severity vulnerability, CVE-2025-8609. This vulnerability is caused by insufficient input sanitization and output escaping of the plugin's Accordion Block attributes, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts that execute whenever a user accesses the affected page. To address this issue, users should upgrade the plugin to version 1.6.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8609.
In Mattermost versions prior to 11, a medium severity vulnerability, CVE-2025-11776, was identified. This vulnerability allows guest users to bypass access restrictions on the archived channel search API and discover archived public channels via the /api/v4/teams/{team_id}/channels/search_archived endpoint. To fix this vulnerability, users should upgrade Mattermost to version 11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11776.
In GitLab CE/EE versions 16.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low severity vulnerability, CVE-2025-12983, was detected. This vulnerability allows authenticated attackers to trigger a denial of service condition by submitting specially crafted markdown content containing nested formatting patterns. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12983.
In GitLab CE/EE versions 17.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low severity vulnerability, CVE-2025-7736, was detected. This vulnerability allows authenticated attackers to bypass access control restrictions and access GitLab Pages content intended only for project members by authenticating through OAuth providers. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7736.
In GitLab CE/EE versions 17.6 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a medium severity vulnerability, CVE-2025-7000, was detected. This vulnerability could allow unauthorized users to view confidential branch names by accessing project issues associated with related merge requests under specific conditions. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7000.
In GitLab EE versions 17.8 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low severity vulnerability, CVE-2025-6945, was detected. This vulnerability allows authenticated attackers to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6945.
In GitLab CE/EE versions 13.2 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a medium severity vulnerability, CVE-2025-6171, was detected. This vulnerability allows authenticated attackers with reporter access to view branch names and pipeline details via the packages API endpoint, even when repository access is disabled. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6171.