In Apache HTTP Server versions from 2.4.0 up to 2.4.65 a high severity vulnerability CVE-2025-59775 was detected. This vulnerability allows Server-Side Request Forgery (SSRF) on Windows systems with AllowEncodedSlashes On and MergeSlashes Off, potentially leaking NTLM hashes to a malicious server via SSRF and crafted requests or content. To address this issue, users should upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59775.
Read more Application DevelopmentIn Apache HTTP Server versions from 2.4.7 up to 2.4.65 a low severity vulnerability CVE-2025-66200 was detected. This vulnerability allows users with access to the RequestHeader directive in .htaccess files to bypass mod_userdir and suexec protections, causing some CGI scripts to run under an unexpected user ID, which may lead to unauthorized access or execution of malicious scripts. To address this issue users must upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66200.
Read more Application DevelopmentIn Apache HTTP Server versions from 2.4.0 up to 2.4.65 a low severity vulnerability CVE-2025-65082 was detected. This vulnerability allows environment variables set via the Apache configuration to unexpectedly supersede variables calculated by the server for CGI programs due to improper neutralization of escape, meta, or control sequences. To address this issue, users must upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-65082.
Read more Application DevelopmentIn Gogs versions 0.13.3 and prior a high severity vulnerability CVE-2025-8110 was detected. This vulnerability allows local attackers to execute arbitrary code by exploiting improper symbolic link handling in the `PutContents` file update API. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8110.
Read more Developer ToolsIn Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a low severity vulnerability CVE-2025-67639 was detected. This vulnerability allows attackers to perform cross-site request forgery (CSRF) attacks that can trick users into logging in to the attacker’s account. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67639.
Read more Developer ToolsIn Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67638 was detected. This vulnerability allows attackers to observe and capture build authorization tokens because they are not properly masked in the job configuration form. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67638.
Read more Developer ToolsIn Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67637 was detected. This vulnerability allows users with Item/Extended Read permissions or access to the Jenkins controller file system to view unencrypted build authorization tokens stored in job `config.xml` files, exposing sensitive information. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67637.
Read more Developer ToolsIn Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67636 was detected. This vulnerability allows attackers with View/Read permissions to view encrypted password values due to a missing permission check. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67636.
Read more Developer ToolsIn GitLab CE/EE versions 15.11 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-12029 was detected. This vulnerability allows unauthenticated attackers to perform unauthorized actions on behalf of other users by injecting malicious external scripts into the Swagger UI. To address this issue, users should upgrade GitLab CE/EE versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12029.
Read more Developer Tools