4.3

CVSS3.1

CVE-2025-0516 - Incorrect Authorization in GitLab

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data.

📅 Published: Feb. 12, 2025, 3:30 p.m. 🔄 Last Modified: Aug. 6, 2025, 6:49 p.m.

7.8

CVSS3.1

CVE-2025-0332 - Progress UI for WinForms decompression path traversal vulnerability

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.

📅 Published: Feb. 12, 2025, 3:15 p.m. 🔄 Last Modified: July 3, 2025, 6:30 p.m.

8.8

CVSS3.1

CVE-2025-0556 - Telerik Report Server Clear Text Transmission of Agent Commands

In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local netwo…

📅 Published: Feb. 12, 2025, 3:11 p.m. 🔄 Last Modified: Feb. 20, 2025, 8:41 p.m.

7.8

CVSS3.1

CVE-2024-12251 - Improper neutralization of special elements in hyperlinks

In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

📅 Published: Feb. 12, 2025, 3:09 p.m. 🔄 Last Modified: March 28, 2025, 6:33 p.m.

6.5

CVSS3.1

CVE-2024-12379 - Allocation of Resources Without Limits or Throttling in GitLab

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

📅 Published: Feb. 12, 2025, 3:02 p.m. 🔄 Last Modified: Aug. 6, 2025, 8:17 p.m.

8.7

CVSS3.1

CVE-2025-0376 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.

📅 Published: Feb. 12, 2025, 3:02 p.m. 🔄 Last Modified: Aug. 6, 2025, 6:48 p.m.

4.3

CVSS3.1

CVE-2025-1212 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

📅 Published: Feb. 12, 2025, 3:02 p.m. 🔄 Last Modified: Aug. 6, 2025, 6:48 p.m.

4.9

CVSS3.1

CVE-2025-1042 - Files or Directories Accessible to External Parties in GitLab

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.

📅 Published: Feb. 12, 2025, 3:02 p.m. 🔄 Last Modified: Aug. 6, 2025, 6:48 p.m.

5.3

CVSS4.0

CVE-2025-1206 - Codezips Gym Management System viewdetailroutine.php SQL injection

A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The explo…

📅 Published: Feb. 12, 2025, 3 p.m. 🔄 Last Modified: Feb. 20, 2025, 8:39 p.m.

5.3

CVSS4.0

CVE-2025-1202 - SourceCodester Best Church Management Software edit_slider.php SQL injection

A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has …

📅 Published: Feb. 12, 2025, 2:31 p.m. 🔄 Last Modified: Feb. 18, 2025, 6:02 p.m.