Vulnerabilities fixed in GitLab Enterprise and Community Edition

GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated attackers to cause denial-of-service conditions by sending specially crafted payloads and GraphQL requests. In addition, authenticated...

CVE-2025-62971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

CVE-2025-6601 Business Logic Errors in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow...

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition version 18.4 up to and including version 18.4.3 and version 18.5 up to and including version 18.5.1, which stems from a flaw in the acce...

kms-activate

kms-activate Microsoft Windows/Office 一键激活工具 NOTE: - To u...

[SECURITY] Fedora 43 Update: gi-docgen-2025.5-1.fc43

GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen i...

Fedora 43 : cef (2025-1e8f05e0a6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1e8f05e0a6 advisory. Update to 140.1.15^chromium140.0.7339.207 rhbz2396308 CVE-2025-10890: Side-channel information leakage in V8 CVE-2025-10891: Integer overflow in V8...

CVE-2025-62688

An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project...

CVE-2025-62498

A relative path traversal ZipSlip vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened...

CVE-2025-61977

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

EUVD-2025-35741

An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project...

EUVD-2025-35742

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

CVE-2025-62688

An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project...

CVE-2025-61977

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

CVE-2025-62688 AutomationDirect Productivity Suite Incorrect Permission Assignment for Critical Resource

An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project...

CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

CVE-2025-61977

CVE-2025-61977 concerns AutomationDirect Productivity Suite, version 4.4.1.19. The connected sources describe a vulnerability in the weak password recovery mechanism for forgotten passwords, which allows an attacker to decrypt an encrypted project by answering a single recovery question. The CVSS...

EUVD-2025-35726

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure...

CVE-2025-23347

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure...

CVE-2025-23347

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure...