In Grafana release lines 11.2 through 12.0 (with a backport fix also published for the 10.4 line) a high severity vulnerability CVE-2025-4123 was detected. This cross-site scripting (XSS) flaw combines a client-side path traversal with an open redirect: attackers can send users to a malicious site hosting a frontend plugin that executes arbitrary JavaScript in the victim's Grafana session. It does not require editor permissions, and if anonymous access is enabled it can be exploited without any account at all. To address this issue, users should update Grafana to versions 12.0.0+security-01, 11.6.1+security-01, 11.5.4+security-01, 11.4.4+security-01, 11.3.6+security-01, 11.2.9+security-01 or 10.4.18+security-01. Note that these patched builds differ from the unpatched releases only in the +security-01 build suffix, so version checks that ignore build metadata (as strict SemVer precedence does) will not tell a patched instance from an unpatched one. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.
In Grafana OSS versions 12.0.0 (before 12.0.1), 11.6.1 (before 11.6.2) and 11.5.4 (before 11.5.5) a medium severity vulnerability CVE-2025-3580 was detected. This access control flaw allows an Organization administrator to permanently delete a Server administrator account if that Server admin belongs to the same organization or to no organization at all, potentially leaving the instance without any super-user and rendering it unmanageable. To address this issue, users should upgrade Grafana to versions 10.4.19, 11.2.10, 11.3.7, 11.4.5, 11.5.5, 11.6.2 or 12.0.1, and confirm afterwards that at least one Server admin account still exists. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3580.
In the Exclusive Addons for Elementor plugin for WordPress, versions up to and including 2.7.9.1, a medium severity vulnerability CVE-2025-4783 was detected. This stored cross-site scripting flaw allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts through the Countdown Timer widget's HTML attributes; the scripts then execute whenever a user views the affected page. To address this issue, users should upgrade the Exclusive Addons for Elementor plugin to version 2.7.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4783.
In the TablePress plugin for WordPress, versions up to and including 3.1.2, a medium severity vulnerability CVE-2025-5096 was detected. This DOM-based stored cross-site scripting flaw allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the data-caption, data-s-content-padding, data-s-title and data-footer attributes; the scripts execute when a user views the affected page. To address this issue, users should upgrade the TablePress plugin to version 3.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5096.
In the 4stats plugin for WordPress, versions up to and including 2.0.9, a medium severity vulnerability CVE-2025-3869 was detected. This Cross-Site Request Forgery (CSRF) flaw is caused by missing or incorrect nonce validation on the stats/stats.php page: an unauthenticated attacker who can trick a site administrator into performing an action such as clicking a link can submit a forged request that updates the plugin's settings and injects malicious web scripts. No fixed version is currently available; until one is released, site owners should weigh deactivating the plugin. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3869.
In GitLab CE/EE versions from 17.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0679 was detected. Under certain conditions this issue allows unauthorized users to view the full email addresses that should have been partially obscured. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0679.
In GitLab CE/EE versions from 16.8 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0605 was detected. Because of improper group access controls, this issue allows certain users to bypass two-factor authentication requirements. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0605.
In GitLab CE/EE versions from 11.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-12093 was detected. Because of improper XPath validation, a modified SAML response can under specific conditions bypass two-factor authentication requirements. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12093.
In GitLab CE/EE versions from 12.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a low severity vulnerability CVE-2024-9163 was detected. A business logic flaw allows an attacker to cause branch name confusion in confidential merge requests. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9163.
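The fix lists in the entries above are only useful if an inventory check compares them correctly. The following is an added example, not code from Grafana, GitLab or any of the plugin vendors: it reduces each advisory on this page to bands of the form "from START before FIXED" (the wording GitLab uses literally, and one the Grafana and WordPress entries can be rewritten into) and classifies an installed version against them. The one non-obvious case it handles is Grafana's +security-01 patch builds, which strict SemVer 2.0 precedence treats as equal to the unpatched base version. The mapping of Grafana lines that received no patch of their own (10.5 through 11.1) onto the next fixed line, and the sample inventory at the bottom, are assumptions made for this example.

```python
"""Version-range check for the advisories in this digest (added example, not
vendor tooling). SemVer 2.0 ignores build metadata after "+" when ordering
versions, so a semver-based comparison reports 12.0.0+security-01 as equal
to 12.0.0 and a patched Grafana host as still vulnerable; the parser below
keeps the security build number as a sortable fourth component instead."""
import re
from typing import Optional

_SECURITY_BUILD = re.compile(r"^security-(\d+)$")


def parse_version(text: str) -> tuple:
    """Parse 'MAJOR.MINOR[.PATCH][+security-NN]' into a sortable 4-tuple.

    12.0.0+security-01 -> (12, 0, 0, 1), which sorts after 12.0.0 -> (12, 0, 0, 0).
    """
    core, plus, build = text.strip().partition("+")
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    security = 0
    if plus:
        match = _SECURITY_BUILD.match(build)
        if not match:
            raise ValueError(f"unrecognised build metadata: {text!r}")
        security = int(match.group(1))
    return (*nums, security)


def semver_precedence(text: str) -> tuple:
    """What a strict SemVer 2.0 comparison sees: everything after '+' dropped."""
    return parse_version(text)[:3]


def format_version(v: tuple) -> str:
    major, minor, patch, security = v
    base = f"{major}.{minor}.{patch}"
    return f"{base}+security-{security:02d}" if security else base


# (first affected version, first fixed version; None when no fix exists yet)
Band = tuple[str, Optional[str]]

ADVISORIES: dict[str, list[Band]] = {
    # Grafana CVE-2025-4123: one band per release line, ending at that line's
    # +security-01 build. Lines between two fixed lines (10.5 .. 11.1) have no
    # patch of their own; pointing them at the next fixed line is this
    # example's assumption, not the advisory's wording.
    "CVE-2025-4123": [
        ("10.4.0", "10.4.18+security-01"),
        ("10.5.0", "11.2.9+security-01"),
        ("11.3.0", "11.3.6+security-01"),
        ("11.4.0", "11.4.4+security-01"),
        ("11.5.0", "11.5.4+security-01"),
        ("11.6.0", "11.6.1+security-01"),
        ("12.0.0", "12.0.0+security-01"),
    ],
    # GitLab CVE-2025-0605, taken literally from the advisory text.
    "CVE-2025-0605": [
        ("16.8.0", "17.10.7"),
        ("17.11.0", "17.11.3"),
        ("18.0.0", "18.0.1"),
    ],
    # TablePress CVE-2025-5096: "up to and including 3.1.2", fixed in 3.1.3.
    "CVE-2025-5096": [("0.0.0", "3.1.3")],
    # 4stats CVE-2025-3869: no fix published, so every version is treated as
    # affected until the vendor names one.
    "CVE-2025-3869": [("0.0.0", None)],
}


def check(cve: str, installed: str) -> str:
    """Classify an installed version against one advisory's bands."""
    v = parse_version(installed)
    for start, fixed in ADVISORIES[cve]:
        low = parse_version(start)
        high = parse_version(fixed) if fixed else None
        if low <= v and (high is None or v < high):
            if high is None:
                return "affected; no fix published"
            return f"affected; upgrade to {format_version(high)}"
    return "not in an affected range"


if __name__ == "__main__":
    # Constructed sample inventory for the demo, not real hosts.
    inventory = [
        ("CVE-2025-4123", "12.0.0"), ("CVE-2025-4123", "12.0.0+security-01"),
        ("CVE-2025-4123", "11.2.9"), ("CVE-2025-4123", "11.0.2"),
        ("CVE-2025-0605", "17.5.2"), ("CVE-2025-0605", "17.10.7"),
        ("CVE-2025-5096", "3.1.2"), ("CVE-2025-3869", "2.0.9"),
    ]
    for cve, version in inventory:
        print(f"{cve} {version:>22}: {check(cve, version)}")
    print("strict SemVer sees 12.0.0+security-01 == 12.0.0:",
          semver_precedence("12.0.0+security-01") == semver_precedence("12.0.0"))
```

Versions that fall before the first band (for example Grafana 10.3 or GitLab 16.7 above) are reported as "not in an affected range" rather than "safe": the advisories do not name them, and a release line that old is unlikely to receive a fix, so such hosts still need a separate end-of-life decision.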