In Apache Airflow 3.0.3 a high severity vulnerability CVE-2025-54831 was detected. Sensitive connection details were exposed to users with READ permissions through both the API and UI, bypassing the intended “write-only” model and the AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS configuration option. To address this issue, users should upgrade Airflow to version 3.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54831.
Read more Data Analytics
In GitLab CE/EE versions from 11.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-8014 was detected. This issue allows unauthenticated users to bypass GraphQL query complexity limits, causing uncontrolled CPU consumption and potential Denial of Service (DoS). To address this issue, users should upgrade GitLab to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8014.
Read more Developer Tools
In Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 a medium severity vulnerability CVE-2025-43819 was detected. This vulnerability allows unauthenticated users to reuse old user sessions through the SLO API. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.132 or later, and Liferay DXP 2025.Q1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43819.
Read more CMS
In GitLab CE/EE versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-9958 was detected. This issue could allow Guest users to access sensitive information stored in virtual registry configurations. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9958.
Read more Developer Tools
In GitLab CE/EE versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-9642 was detected. This issue could allow an attacker to inject malicious content through cross-site scripting (XSS), potentially leading to account takeover. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9642.
Read more Developer Tools
In GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-7691 was detected. This privilege escalation issue could allow a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7691.
Read more Developer Tools
In GitLab CE/EE versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a low severity vulnerability CVE-2025-5069 was detected. This issue could allow an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim’s project. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5069.
Read more Developer Tools
In Liferay Portal versions 7.1.0 through 7.4.3.101 and Liferay DXP versions 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a low severity vulnerability CVE-2025-43795 was detected. The issue is an open redirect affecting multiple settings pages (System, Instance and Site Settings) where an attacker could redirect users to arbitrary external URLs via the respective _redirect parameters in those portlets. To address this vulnerability, users should upgrade to Liferay Portal 7.4.3.102, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, Liferay DXP 2023.Q3.5, Liferay DXP 7.3 U36 and later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43795.
In GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10871 was detected. This vulnerability allows Project Maintainers to exploit missing authorization checks and assign custom roles with permissions exceeding their own, effectively escalating their privileges. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10871.
Read more Developer Tools