In GitLab Enterprise Edition versions from 10.6.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a medium severity vulnerability CVE-2025-11971 was detected. This vulnerability allows an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits due to improper authorization validation. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11971.
Read more Developer ToolsIn GitLab Community and Enterprise Edition versions from 11.0.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-11447 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending crafted GraphQL requests that consume excessive resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11447.
Read more Developer ToolsIn GitLab Community and Enterprise Edition versions from 17.10.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-10497 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads that consume excessive system resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10497.
Read more Developer ToolsIn OpenVPN versions 2.7_alpha1 through 2.7_beta1 a high severity vulnerability CVE-2025-10680 was detected. This vulnerability allows a remote, authenticated OpenVPN server to inject and execute shell commands on POSIX-based clients via specially crafted DNS variables when the client is run with the –dns-updown option. To address this issue, users should upgrade OpenVPN to versions 2.7_beta2 or later (or otherwise avoid the vulnerable 2.7_alpha1–2.7_beta1 builds). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10680.
Read more SecurityIn Jeg Kit for Elementor plugin for WordPress versions prior to 2.7.0 a medium severity vulnerability CVE-2025-9978 was detected. This vulnerability allows attackers to execute arbitrary scripts in the context of a user’s browser by uploading specially crafted SVG files via xmlrpc.php. To address this issue, users should upgrade Jeg Kit for Elementor plugin to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8416.
Read more CMSIn Product Filter by WBW plugin for WordPress versions up to and including 2.9.7 a high severity vulnerability CVE-2025-8416 was detected. This vulnerability allows unauthenticated attackers to supply specially crafted input to the filtersDataBackend parameter to inject additional SQL into existing queries and extract sensitive database information due to insufficient escaping and lack of prepared statements. To address this issue, users should upgrade Product Filter by WBW plugin to version 2.9.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8416.
Read more CMSIn the Listeo theme for WordPress versions up to and including 2.0.8 a medium severity vulnerability CVE-2025-8413 was detected. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts via the theme’s soundcloud shortcode because of insufficient input sanitization and output escaping on user-supplied attributes; injected scripts execute whenever a user accesses an affected page. To address this issue, users should upgrade the Listeo theme to version 2.0.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8413.
Read more CMSIn Vault Community Edition versions 0.6.0 up to 1.20.4, and in Vault Enterprise versions 0.6.0 up to 1.20.4, 1.19.10, 1.18.15, and 1.16.26 a high severity vulnerability CVE-2025-11621 was detected. This vulnerability allows an attacker to bypass AWS authentication when the role of the configured bound_principal_iam is the same across AWS accounts or uses a wildcard. To address this issue, users should update to Vault Community Edition 1.21.0 or Vault Enterprise 1.21.0, 1.20.5, 1.19.11, or 1.16.27. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11621.
Read more SecurityIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.19 a low severity vulnerability CVE-2025-62247 was detected. This vulnerability allows instance users to access and select unauthorized Blueprints through Collection Providers across instances, potentially exposing restricted configuration data. To address this issue, users should update to Liferay DXP 2025.Q3.0, 2025.Q2.10, 2025.Q1.17, or 2024.Q1.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62247.
Read more CMS