In GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10871 was detected. This vulnerability allows Project Maintainers to exploit missing authorization checks and assign custom roles with permissions exceeding their own, effectively escalating their privileges. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10871.
Read more Developer Tools
In GitLab CE/EE versions from 17.4 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10868 was detected. This vulnerability allows attackers to exploit certain string conversion methods, causing performance degradation when processing large inputs. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10868.
Read more Developer Tools
In GitLab CE/EE versions from 18.1 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a low severity vulnerability CVE-2025-10867 was detected. This vulnerability allows authenticated users to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10867.
Read more Developer Tools
In GitLab CE/EE versions before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-10858 was detected. This vulnerability allows unauthenticated users to cause a Denial of Service (DoS) condition by uploading specially crafted large JSON files. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10858.
Read more Developer Tools
In Liferay Portal versions 7.4.0 through 7.4.3.112, and Liferay DXP versions 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43807 was detected. This vulnerability allows a remote attacker to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field in the notifications widget. To address this issue, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.1 or 2023.Q4.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43807.
Read more Data Analytics
In Ashlar-Vellum Graphite version 13_SE_13048 a high severity vulnerability CVE-2025-7981 was detected. This vulnerability allows remote attackers to execute arbitrary code on affected installations by exploiting uninitialized memory during VC6 file parsing when a user opens a malicious file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7981.
Read more Data Analytics
In Ashlar-Vellum Graphite version 13_SE_13048 a high severity vulnerability CVE-2025-7980 was detected. This vulnerability allows remote attackers to execute arbitrary code on affected installations by exploiting improper validation of user-supplied data in a VC6 file, which can result in an out-of-bounds write when a user opens a malicious file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7980.
Read more Data Analytics
In Ashlar-Vellum Graphite version 13_SE_13048 a high severity vulnerability CVE-2025-7979 was detected. This vulnerability allows remote attackers to execute arbitrary code on affected installations by exploiting improper validation of the length of user-supplied data during VC6 file parsing, which can result in a stack-based buffer overflow when a user opens a malicious file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7979.
Read more Data Analytics
In Liferay Portal versions 7.4.0 through 7.4.3.112, and Liferay DXP versions 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43806 was detected. This vulnerability allows an authenticated attacker to access exported data via the REST APIs due to a permission check flaw. To address this issue, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.1 or 2023.Q4.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43806.
Read more Data Analytics