BIT-GITLAB-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

CVE-2025-14595

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

EUVD-2025-208995

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

CVE-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

CVE-2025-14595

Summary of CVE-2025-14595 (GitLab) A vulnerability in GitLab Enterprise Edition (GitLab EE) allowed an authenticated user with the Planner role to view security category metadata and attributes in the group security configuration, due to insufficient access control. The issue affects GitLab EE ve...

CVE-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

EUVD-2001-1387

Malware in sbrugna...

CVE-2025-58359

Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

CVE-2020-9885

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group...

Debian DSA-2650-2 : libvirt - files and device nodes ownership change to kvm group

Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of devices files so they would be owned by user 'libvirt-qemu' and group 'kvm', which is a general purpose group not specific to libvirt, allowing unintended write acce...

CVE-2001-1407

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug...