[SECURITY] Fedora 42 Update: qt5-qtquickcontrols-5.15.18-1.fc42

The Qt Quick Controls module provides a set of controls that can be used to build complete interfaces in Qt Quick...

Fedora: Security Advisory (FEDORA-2025-976ccd79ae)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MINI-QR62-GG28-QHHQ

Bulletin has no description...

CVE-2025-10317 Multiple Cross-Site Request Forgery in Quick.Cart

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not...

CVE-2025-10317 Multiple Cross-Site Request Forgery in Quick.Cart

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not...

CVE-2025-10317

OpenSolution Quick.Cart (OpenSolution Poland) has a Cross-Site Request Forgery (CSRF) vulnerability in its product creation functionality. CVE-2025-10317 is confirmed to affect Quick.Cart version 6.7, with testing indicating that only this version was verified; other versions were not tested and ...

[SECURITY] Fedora 42 Update: qt6-qtquicktimeline-6.9.3-1.fc42

The Qt Quick Timeline plugin provides QML types to use timelines and keyframes to animate Qt Quick user interfaces...

[SECURITY] Fedora 42 Update: qt6-qtdatavis3d-6.9.3-1.fc42

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

[SECURITY] Fedora 42 Update: qt6-qt3d-6.9.3-1.fc42

Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications...

PT-2025-44399

Name of the Vulnerable Software and Affected Versions Quick.Cart version 6.7 Quick.Cart affected versions not specified Description Quick.Cart is susceptible to Cross-Site Request Forgery in the product creation functionality. A malicious actor can create a specially crafted website that, when...

CVE-2025-11989

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

EUVD-2025-35951

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

CVE-2025-11989

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab EE versions 17.6.0 to before 18.3.5,...

CVE-2025-11989

Removed by vendor...

CVE-2025-11989 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

CVE-2025-11989

GitLab CVE-2025-11989 affects GitLab Enterprise Edition (EE) prior to patches for several tracks: 17.6.0 to before 18.3.5, 18.4 to before 18.4.3, and 18.5 to before 18.5.1. The vulnerability could allow an authenticated attacker to execute unauthorized quick actions by injecting malicious command...

CVE-2025-11989 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

CVE-2025-11989 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions...

GitLab 17.10 < 18.3.5 / 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-10497)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...