671 matches found
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions for 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...
Linux Distros Unpatched Vulnerability : CVE-2025-11865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain...
CVE-2025-11865
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
EUVD-2025-197695
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
CVE-2025-11865
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
CVE-2025-11865 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
CVE-2025-11865 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
CVE-2025-11865
GitLab EE contains an Incorrect Authorization issue (CVE-2025-11865) that could allow an attacker to remove Duo MFA flows belonging to another user. Affected versions are GitLab EE 18.1–18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. The root cause is described as improper authorization check...
CVE-2025-11865 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...
PT-2025-47047
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.1 through 18.3.6 GitLab EE versions 18.4 through 18.4.4 GitLab EE versions 18.5 through 18.5.2 Description A security issue exists in GitLab EE that, under specific conditions, could allow an attacker to remove Duo...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 18.1 through 18.3 prior ...
EUVD-2025-136221
Malicious code in tanabufir-soffai-du npm...
EUVD-2025-136187
Malicious code in tanabufir-softfai-du npm...
CVE-2025-55085
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
Eclipse ThreadX NetX Duo 安全漏洞
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4 that stems from a DHCPV6 client not checking the server DUID index in the server reply, which could lead to an...
CVE-2025-55087
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...
CVE-2025-55094
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxicmpv6validateoptions when handling a packet with ICMP6 options...
CVE-2025-55093
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...
CVE-2025-55092
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4optionprocess when processing an IPv4 packet with the timestamp option...
CVE-2025-55085
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...