CVE-2025-15051

IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2025-15051). The IBM bulletin states QRadar SIEM 7.5.0 UP14 IF05 is affected and that an attacker could embed arbitrary JavaScript in the Web UI, potentially altering functionality. The CVSS base score is 5.4 (Vector: CVSS:3.1/AV:N/AC:L/P...

CVE-2025-4979 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables that they did not author in the WebUI, by simply creating their own variable and observing the HTTP...