10
CVE-2025-2857 - firefox: Firefox IPC sandbox escape on windows
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was β¦
5.3
CVE-2025-2847 - Codezips Gym Management System over_month.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The explβ¦
3.7
CVE-2024-9773 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add maliciousβ¦
8.7
CVE-2025-0811 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.
6.9
CVE-2025-2846 - SourceCodester Online Eyewear Shop Registration Users.php registration sql injection
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack cβ¦
7.5
CVE-2025-2242 - Incorrect Authorization in GitLab
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to gβ¦
8.7
CVE-2025-2255 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.
2.7
CVE-2025-31141 -
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
4.6
CVE-2025-31140 -
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
4.3
CVE-2025-31139 -
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log