XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact: POST /wikis/{wikiName} executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. Patches: This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
PT-2025-15987 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.9.5; GitLab CE/EE versions 17.10 through 17.10.3. Description: An issue exists in GitLab Community Edition (CE) and Enterprise Edition (EE) where runtime profiling data of a specific service was accessible to...