In GitLab CE/EE versions 16.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1 a low severity vulnerability CVE-2025-12983 was detected. This vulnerability allows authenticated attackers to trigger a denial of service condition by submitting specially crafted markdown content containing nested formatting patterns. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12983.
Read more Developer ToolsIn GitLab CE/EE versions 17.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1 a low severity vulnerability CVE-2025-7736 was detected. This vulnerability allows authenticated attackers to bypass access control restrictions and access GitLab Pages content intended only for project members by authenticating through OAuth providers. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7736.
Read more Developer ToolsIn GitLab CE/EE versions 17.6 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1 a medium severity vulnerability CVE-2025-7000 was detected. This vulnerability could allow unauthorized users to view confidential branch names by accessing project issues associated with related merge requests under specific conditions. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7000.
Read more Developer ToolsIn GitLab EE versions 17.8 through 18.3.5, 18.4 through 18.4.3 and 18.5 through 18.5.1 a low severity vulnerability CVE-2025-6945 was detected. This vulnerability allows authenticated attackers to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6945.
Read more Developer ToolsIn GitLab CE/EE versions 13.2 through 18.3.5, 18.4 through 18.4.3 and 18.5 through 18.5.1 a medium severity vulnerability CVE-2025-6171 was detected. This vulnerability allows authenticated attackers with reporter access to view branch names and pipeline details via the packages API endpoint, even when repository access is disabled. To address this issue, users should upgrade GitLab to versions 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6171.
Read more Developer ToolsIn Mattermost versions prior to 11 a medium severity vulnerability CVE-2025-55070 was identified. This vulnerability allows unauthenticated users to bypass multi-factor authentication enforcement on WebSocket connections, potentially leading to unauthorized access to sensitive information via WebSocket events. To fix this vulnerability, users should upgrade Mattermost to version 11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55070.
Read more CommunicationIn Mattermost versions prior to 11.0 a low severity vulnerability CVE-2025-41436 was identified. This vulnerability allows regular users to bypass the “Allow users to view archived channels” setting and access archived channel content and files via the “Open in Channel” functionality from followed threads. To fix this vulnerability, users should upgrade Mattermost to version 11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41436.
Read more CommunicationIn PostgreSQL versions before 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 a medium severity vulnerability CVE‑2025‑12818 was discovered in the libpq client library. An integer wraparound issue in multiple libpq functions can cause undersized memory allocations and out-of-bounds writes by hundreds of megabytes. This flaw can lead to application crashes due to segmentation faults and potential memory corruption. To fix this vulnerability, users should upgrade to PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, or 13.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12818.
Read more DatabaseIn PostgreSQL versions before 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 a low severity vulnerability CVE‑2025‑12817 was found in the CREATE STATISTICS command. Missing schema CREATE privilege checks allow a table owner to cause denial of service against other CREATE STATISTICS users by creating statistics in any schema, causing later CREATE STATISTICS commands with the same name by authorized users to fail. To fix this vulnerability, users should upgrade to PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, or 13.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12817.
Read more Database