CVE-2025-47279 undici Denial of Service attack via bad certificate data
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If an attacker sets up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
FreeBSD : Gitlab -- Vulnerabilities (729008b9-54bf-11ef-a61b-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 729008b9-54bf-11ef-a61b-2cf05da270f3 advisory. Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access...
Jenkins GitLab Plugin Cross-Site Scripting (CVE-2022-34777)
A stored cross-site scripting vulnerability exists in Jenkins GitLab Plugin. This vulnerability is due to insufficient validation of user provided fields in the build cause of webhook triggered builds...
GHSA-73V5-W6FG-2M44 Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 requires a token to access the webhook endpoi...