In GitLab EE versions 18.3 to 18.3.4 and 18.4 to 18.4.2 a high severity vulnerability CVE-2025-11340 was detected. This vulnerability allows authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations. To address this issue, users should upgrade GitLab to versions 18.4.2 or 18.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11340.
Category: Developer Tools

In GitLab CE/EE versions 5.2 prior to 18.2.8, 18.3 prior to 18.3.4 and 18.4 prior to 18.4.2 a medium severity vulnerability CVE-2025-2934 was detected. This vulnerability allows authenticated attackers to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses. To address this issue, users should upgrade GitLab to versions 18.4.2, 18.3.4 or 18.2.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2934.
Category: Developer Tools

In Grafana Image Renderer versions 1.0.0 through 4.0.16 a critical severity vulnerability CVE-2025-11539 was detected. This vulnerability allows attackers to achieve remote code execution by writing arbitrary files via the /render/csv endpoint, because the filePath parameter is not validated; the written files are then loaded by the Chromium process. The issue affects instances where the default token (authToken) is unchanged or known to the attacker and the endpoint is reachable. To address this issue, users should upgrade Grafana Image Renderer to version 4.0.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11539.
Category: Data Analytics

In Redis versions 8.2.1 and below a high severity vulnerability CVE-2025-46817 was detected. Authenticated users can use specially crafted Lua scripts to trigger an integer overflow that may lead to remote code execution. This issue affects all Redis versions with Lua scripting enabled. To address this issue, users should upgrade Redis to version 8.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46817.
Category: Database

In Zabbix versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a medium severity vulnerability CVE-2025-27231 was identified. A Super Admin user could leak the LDAP "Bind password" by changing the LDAP "Host" to a rogue server. Although the password field is not normally readable after saving, this behavior allowed indirect exposure of sensitive credentials. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2025-27231.
Category: Monitoring

In Zabbix versions 6.0.38 through 6.0.40, 7.0.9 through 7.0.16, 7.2.3 through 7.2.10, and 7.4.0 a low severity vulnerability CVE-2025-27236 was identified. A regular Zabbix user could search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining of some field values the user does not have access to. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.17, 7.2.11, or 7.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27236.
Category: Monitoring

In Zabbix Agent and Agent 2 on Windows versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a high severity vulnerability CVE-2025-27237 was detected. The OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27237.
Category: Monitoring

In Zabbix versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a medium severity vulnerability CVE-2025-49641 was detected. A regular Zabbix user with no permission to the Monitoring → Problems view is still able to call the problem.view.refresh action and retrieve a list of active problems. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49641.
Category: Monitoring

In Rancher Manager versions 2.9.0 through 2.9.11, 2.10.0 through 2.10.9, 2.11.0 through 2.11.5, and 2.12.0 through 2.12.1 a high severity vulnerability CVE-2024-58267 was detected. The SAML authentication mechanism used by the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be exploited to steal Rancher authentication tokens, allowing attackers to potentially gain unauthorized access. To address this issue, users should upgrade Rancher Manager to versions 2.9.12, 2.10.10, 2.11.6, 2.12.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-58267.
Category: Developer Tools