Overview CVE-2025-2615 describes a medium-severity vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability allows a blocked user to potentially bypass access restrictions and read sensitive information through GraphQL subscriptions established over WebSocket connections. The issue is fixed in GitLab versions 18.3.6, 18.4.4, and 18.5.2. This article provides a detailed analysis of the vulnerability, its impact, and the steps needed to mitigate it. Technical Details The vulnerability stems from insufficient access control checks during the processing of GraphQL subscriptions established via WebSocket connections. Even after a user is blocked from accessing GitLab resources, pre-existing WebSocket…
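The bug class described above, a long-lived subscription that is authorized only once when the socket is opened, is easy to reproduce in miniature. The following is an added example written for this article, not GitLab code: a tiny broker that either checks the subscriber only at subscribe time (the flawed shape) or re-checks on every delivery and tears subscriptions down when the user is blocked. The User, Broker and project names are illustrative assumptions.

```python
"""Subscription delivery that re-authorizes on every push.

Added example, not GitLab code. It models the bug class described above in
plain Python: a subscription authorized once, when the WebSocket is opened,
keeps delivering after the subscriber is blocked unless delivery (or the
block action itself) re-checks the subscriber. User, Broker and the project
names are illustrative assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    blocked: bool = False
    readable_projects: set = field(default_factory=set)


@dataclass
class Subscription:
    user: User
    project: str
    inbox: list = field(default_factory=list)  # payloads actually delivered


class Broker:
    def __init__(self, recheck_on_delivery: bool):
        self.recheck_on_delivery = recheck_on_delivery
        self.subs: list = []

    @staticmethod
    def authorized(user: User, project: str) -> bool:
        return not user.blocked and project in user.readable_projects

    def subscribe(self, user: User, project: str) -> Subscription:
        # Both variants check at subscribe time; only the hardened one
        # repeats the check later.
        if not self.authorized(user, project):
            raise PermissionError(f"{user.name} may not subscribe to {project}")
        sub = Subscription(user, project)
        self.subs.append(sub)
        return sub

    def publish(self, project: str, payload: str) -> list:
        """Deliver payload to that project's subscribers; return recipients."""
        delivered = []
        for sub in list(self.subs):
            if sub.project != project:
                continue
            if self.recheck_on_delivery and not self.authorized(sub.user, project):
                self.subs.remove(sub)  # stale subscription: drop it, do not serve it
                continue
            sub.inbox.append(payload)
            delivered.append(sub.user.name)
        return delivered

    def revoke(self, user: User) -> int:
        """Eager teardown: call this from the 'block user' action so open
        subscriptions die immediately instead of at the next push."""
        before = len(self.subs)
        self.subs = [s for s in self.subs if s.user is not user]
        return before - len(self.subs)


def demo(recheck_on_delivery: bool, revoke_on_block: bool = False) -> list:
    """Return what a subscriber received before and after being blocked."""
    broker = Broker(recheck_on_delivery)
    alice = User("alice", readable_projects={"secret-proj"})
    sub = broker.subscribe(alice, "secret-proj")
    broker.publish("secret-proj", "issue #1 created")  # while still allowed
    alice.blocked = True                                 # admin blocks alice
    if revoke_on_block:
        broker.revoke(alice)
    broker.publish("secret-proj", "issue #2 created")  # after the block
    return sub.inbox


if __name__ == "__main__":
    print("connect-time check only:", demo(False))
    print("re-check on delivery:   ", demo(True))
    print("revoke on block:        ", demo(False, revoke_on_block=True))
```

The two defenses are complementary: re-checking on delivery catches any subscription that outlives a change of state, and revoking from the block action removes the window entirely rather than waiting for the next event.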
-
Overview CVE-2025-11990 is a low-severity Cross-Site Request Forgery (CSRF) vulnerability affecting GitLab Enterprise Edition (EE). It is present in versions 18.4 before 18.4.4 and 18.5 before 18.5.2. It allows an authenticated user to potentially acquire CSRF tokens by exploiting improper input validation in repository references combined with weaknesses in redirect handling. Technical Details The vulnerability stems from insufficient validation of user-supplied input related to repository references within GitLab EE. Specifically, the system does not properly sanitize or validate the input when processing requests related to repository interactions. This, coupled with a weakness in how GitLab handles redirects, allows an attacker…
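The advisory names weak redirect handling as one half of the issue but does not publish the exact flaw, so the control worth showing is the generic one: accept a redirect target only when it provably stays on the application host, and re-emit it as a path so the scheme and host are never attacker-chosen. The following is an added example, not GitLab code; the host gitlab.example.com is an assumption.

```python
"""Same-origin redirect target validation.

Added example, not GitLab code. Accept only targets that provably stay on the
application host and rebuild them as a path so the scheme and host are never
attacker chosen. The host gitlab.example.com is an assumption.
"""
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(target: str, app_host: str = "gitlab.example.com",
                         fallback: str = "/") -> str:
    """Return target as a same-origin path, or fallback if it cannot be trusted."""
    if not target:
        return fallback
    # Browsers normalise backslashes and swallow some control characters in
    # ways urlsplit does not model ("/\\evil" is served as "//evil"), so
    # refuse anything containing them rather than trying to canonicalise.
    if any(ch in target for ch in "\\\r\n\t\x00") or target != target.strip():
        return fallback
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: must be http(s) and exactly our host. This also rejects
        # "https://gitlab.example.com@evil.example/", whose netloc is the whole
        # userinfo@host string.
        if parts.scheme.lower() not in ("http", "https"):
            return fallback
        if parts.netloc.lower() != app_host.lower():
            return fallback
    elif parts.netloc or target.startswith("//"):
        # Protocol-relative ("//evil.example") or the "///evil" variant that
        # urlsplit reports as a path but browsers treat as a host.
        return fallback
    elif not target.startswith("/"):
        # Relative paths are ambiguous; require an absolute path on this origin.
        return fallback
    path = parts.path or "/"
    if path.startswith("//"):
        # "https://gitlab.example.com//evil.example" would otherwise come back
        # as the protocol-relative "//evil.example".
        return fallback
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    for candidate in ("/projects/x?tab=1#top", "//evil.example/", "/\\evil.example",
                      "https://gitlab.example.com/a?b=c", "javascript:alert(1)"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

The function is deliberately strict (no port, no userinfo, no relative paths) because every relaxation is another parser-differential to reason about; a login flow needs nothing more than a same-origin path.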
-
Overview CVE-2025-11865 is a medium-severity vulnerability affecting GitLab Enterprise Edition (EE). It allows a malicious actor, under specific and currently unspecified circumstances, to remove the Duo authentication flows configured by another user. This can lead to a bypass of Multi-Factor Authentication (MFA) for the targeted user, potentially compromising their account security. The vulnerability affects GitLab EE versions 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. Technical Details While the specific attack vector remains undisclosed to prevent exploitation, the core issue revolves around insufficient authorization checks within the Duo integration in GitLab EE. An attacker could potentially manipulate…
-
Overview A security vulnerability, identified as CVE-2025-12847, has been discovered in the All in One SEO (AIOSEO) – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress. This flaw allows authenticated attackers with Contributor-level access or higher to delete arbitrary media attachments without proper authorization. All versions up to and including 4.8.9 are affected. This represents a significant risk to website data integrity and availability. Technical Details The vulnerability stems from a missing authorization check within the REST API endpoint /wp-json/aioseo/v1/ai/image-generator. The plugin incorrectly verifies user permissions by only checking for the edit_posts capability, which is…
-
Overview CVE-2025-12494 identifies a medium-severity vulnerability in the “Image Gallery – Photo Grid & Video Gallery” plugin for WordPress. This flaw allows authenticated attackers with Author-level access or higher to delete arbitrary files on the server due to insufficient file path validation in the ajax_import_file function. Versions up to and including 2.12.28 are affected. Technical Details The vulnerability resides within the ajax_import_file function of the plugin. The lack of proper validation on the attacker-supplied file path lets them steer the function to delete files outside the intended image gallery directories. Specifically, the…
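The missing check in the passage above is path confinement: resolve the requested path, then refuse anything that does not remain under the directory the feature owns. The following is an added example, not the plugin's code; the directory and file names are illustrative and everything is created in a temporary directory so it runs offline.

```python
"""Confining a user-supplied path to the gallery directory before deleting.

Added example, not the plugin's code. resolve_within() is the check the
passage says was missing; demo() exercises it against constructed files
(traversal, absolute path, symlink, and a legitimate in-gallery file).
"""
import os
import tempfile


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, or raise."""
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_path is absolute, and realpath
    # follows symlinks, so both escape routes end up compared against base.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{user_path!r} resolves outside {base}")
    return candidate


def delete_gallery_file(base_dir: str, user_path: str) -> str:
    """Delete a file that lives under base_dir; return its resolved path."""
    path = resolve_within(base_dir, user_path)
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    os.remove(path)
    return path


def demo() -> dict:
    """Run the check against constructed files; return the outcome per case."""
    def attempt(gallery, requested):
        try:
            delete_gallery_file(gallery, requested)
            return "deleted"
        except PermissionError:
            return "rejected"
        except FileNotFoundError:
            return "missing"

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        gallery = os.path.join(tmp, "gallery")
        os.makedirs(gallery)
        secret = os.path.join(tmp, "wp-config.php")  # stand-in for a file outside
        with open(secret, "w") as fh:
            fh.write("<?php // constructed sample\n")
        with open(os.path.join(gallery, "photo.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8")
        try:
            os.symlink(secret, os.path.join(gallery, "link.jpg"))
            results["symlink"] = attempt(gallery, "link.jpg")
        except (OSError, NotImplementedError):
            results["symlink"] = "skipped"  # platform does not allow symlinks
        results["traversal"] = attempt(gallery, "../wp-config.php")
        results["absolute"] = attempt(gallery, secret)
        results["inside"] = attempt(gallery, "photo.jpg")
        results["secret_survives"] = os.path.exists(secret)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} {outcome}")
```

Comparing real paths with os.path.commonpath rather than a string prefix matters: a prefix test would accept "/srv/gallery-backup/..." as being inside "/srv/gallery".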
-
Overview CVE-2025-12182 is a medium-severity vulnerability found in the Qi Blocks plugin for WordPress. This vulnerability allows authenticated attackers with Contributor-level access or higher to resize arbitrary media library images belonging to other users without proper authorization. This can lead to unintended file writes, disk consumption, and server resource abuse through processing large images. Technical Details The vulnerability stems from a missing capability check within the resize_image_callback() function in versions of the Qi Blocks plugin up to and including 1.4.3. Specifically, the plugin fails to verify whether a user has the necessary permissions to resize a specific…
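Three of the entries above share one shape: the Duo MFA-flow removal (CVE-2025-11865), the AIOSEO attachment deletion (CVE-2025-12847) and the Qi Blocks image resize (CVE-2025-12182) all accept a request because the caller holds some generic capability, without asking whether this user may act on this particular object. The following added example, written for this article and not taken from any of those products, puts the coarse check beside an object-level one. The role and capability table is a simplified model loosely patterned on WordPress roles and meta-capabilities, not the real one.

```python
"""Object-level authorization versus a coarse capability check.

Added example, not code from any of the plugins or from GitLab. The role
table is a simplified model loosely patterned on WordPress roles and
meta-capabilities (delete_post resolving to delete_posts or
delete_others_posts depending on ownership), not the real one.
"""
from dataclasses import dataclass

ROLE_CAPS = {
    "contributor": {"edit_posts"},
    "author": {"edit_posts", "upload_files", "delete_posts"},
    "editor": {"edit_posts", "upload_files", "delete_posts",
               "edit_others_posts", "delete_others_posts"},
}

# action -> (capability needed on own objects, capability needed on others')
META_CAPS = {
    "delete": ("delete_posts", "delete_others_posts"),
    "resize": ("edit_posts", "edit_others_posts"),
}


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class Resource:
    id: int
    kind: str       # "attachment" or "mfa_flow"
    owner_id: int


def has_cap(user: User, cap: str) -> bool:
    return cap in ROLE_CAPS.get(user.role, set())


def authorize_coarse(user: User, action: str, resource: Resource) -> bool:
    """The flawed pattern: one generic capability unlocks every object."""
    return has_cap(user, "edit_posts")


def authorize_object(user: User, action: str, resource: Resource) -> bool:
    """Resolve (action, object) to the capability that actually governs it."""
    if resource.kind == "mfa_flow":
        # Authentication settings are personal; no role may edit another
        # user's second factor through this path.
        return user.id == resource.owner_id
    if resource.kind == "attachment" and action in META_CAPS:
        own_cap, others_cap = META_CAPS[action]
        needed = own_cap if user.id == resource.owner_id else others_cap
        return has_cap(user, needed)
    return False  # unknown kind or action: deny by default


def handle(user: User, action: str, resource: Resource, strict: bool = True) -> int:
    """Return an HTTP-style status for the request."""
    check = authorize_object if strict else authorize_coarse
    return 200 if check(user, action, resource) else 403


if __name__ == "__main__":
    contributor = User(1, "contributor")
    someone_elses_image = Resource(10, "attachment", owner_id=2)
    someone_elses_mfa = Resource(5, "mfa_flow", owner_id=2)
    for strict in (False, True):
        print("strict" if strict else "coarse",
              handle(contributor, "delete", someone_elses_image, strict),
              handle(contributor, "resize", someone_elses_image, strict),
              handle(contributor, "delete", someone_elses_mfa, strict))
```

The point of the table is that the capability to check is a function of the action and the object's owner, so a permission callback that only asks "can this user edit posts at all?" cannot be right for a delete or resize of a specific attachment, and nothing short of an ownership comparison is right for another user's authentication settings.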
-
Overview CVE-2025-55034 describes a critical vulnerability affecting General Industrial Controls Lynx+ Gateway devices. This vulnerability stems from weak password requirements, making the device susceptible to brute-force attacks. Successful exploitation allows an attacker to gain unauthorized access to the device and potentially the wider industrial control system (ICS) network. Technical Details The General Industrial Controls Lynx+ Gateway utilizes insufficiently robust password policies. This means that default or easily guessable passwords may be permitted, and there may be a lack of enforcement for password complexity, length, or rotation. An attacker can leverage this weakness to conduct a brute-force attack, systematically attempting different…
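Two controls close the brute-force path the passage describes: reject default, short or low-entropy passwords at the moment they are set, and throttle repeated failures at login. The following is an added example, not vendor code, since the advisory only states that the device accepts weak passwords; the blocklist of defaults, the thresholds and the entropy floor are assumptions.

```python
"""Password policy enforcement and brute-force lockout for a device login.

Added example, not vendor code. check_password() rejects default, short,
low-variety or low-entropy passwords; LockoutPolicy throttles repeated
failures. The blocklist and thresholds are assumptions.
"""
import math
import string

# Constructed sample of vendor-default and trivially guessable passwords.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345", "123456",
                     "gateway", "default", "root", "user", "lynx"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def entropy_bits(pw: str) -> float:
    """Upper-bound entropy assuming uniform choice from the classes used."""
    pool = sum(len(cls) for cls in CLASSES if set(pw) & set(cls))
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, min_len: int = 12, min_classes: int = 3,
                   min_bits: float = 60.0) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # "Admin1234!" is still "admin" once the decoration is stripped.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in DEFAULT_PASSWORDS or pw.lower() in DEFAULT_PASSWORDS:
        problems.append("default or common password")
    classes = sum(bool(set(pw) & set(cls)) for cls in CLASSES)
    if classes < min_classes:
        problems.append(f"fewer than {min_classes} character classes")
    if entropy_bits(pw) < min_bits:
        problems.append(f"estimated entropy below {min_bits:.0f} bits")
    return problems


class LockoutPolicy:
    """Lock an account after `threshold` failures inside `window` seconds."""

    def __init__(self, threshold: int = 5, window: float = 300, lockout: float = 900):
        self.threshold, self.window, self.lockout = threshold, window, lockout
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time the lock expires

    def is_locked(self, account: str, now: float) -> bool:
        until = self._locked_until.get(account, 0)
        if now < until:
            return True
        if until:  # lock has expired: start counting afresh
            self._locked_until.pop(account, None)
            self._failures.pop(account, None)
        return False

    def record_failure(self, account: str, now: float) -> bool:
        """Register a failed login; return True if the account is now locked."""
        if self.is_locked(account, now):
            return True
        recent = [t for t in self._failures.get(account, []) if now - t <= self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


if __name__ == "__main__":
    for pw in ("admin", "Admin1234!", "Correct-Horse-7-Battery"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
    policy = LockoutPolicy()
    print([policy.record_failure("admin", t) for t in range(6)])
```

On an ICS gateway the lockout should key on the account rather than the source address, since the attacker picks the source and the device rarely sits behind anything that would rate-limit for it; the policy above does that, and clears the counter on a successful login so a legitimate operator is not penalised by an old burst.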
-
Published: 2025-11-14T23:15:43.640 Overview CVE-2023-7328 details a significant security vulnerability affecting Screen SFT DAB 600/C firmware versions up to and including 1.9.3. This vulnerability stems from improper access control on the user management API, enabling unauthenticated attackers to retrieve sensitive user data. This data includes account names and connection metadata, such as client IP addresses and timeout values. The exposure can have serious consequences for the security and privacy of users of the affected devices. Technical Details The vulnerability lies in the insufficient access control mechanisms implemented for the user management API. An attacker can directly query the API endpoints…
-
Overview CVE-2022-4985 details a significant security vulnerability affecting Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500). This flaw allows unauthenticated remote attackers to retrieve the WiFi access point password by sending a crafted HTTP GET request. This unauthorized access can compromise the confidentiality of network traffic and any attached systems, leading to potential data breaches and other malicious activities. Technical Details The vulnerability resides in the /data/activation.json endpoint. By sending a specifically crafted HTTP GET request to this endpoint with certain headers and cookies, an attacker can retrieve a JSON document. This document contains the wifi_password field, which…
-
Overview CVE-2021-4471 details a significant security vulnerability in the TG8 Firewall. This flaw allows a remote, unauthenticated attacker to access a sensitive directory, such as /data/, via HTTP without any authentication requirements. This directory contains credential files for previously logged-in users, potentially exposing usernames and passwords. Technical Details The vulnerability stems from the TG8 Firewall’s failure to implement proper access controls on certain directories. Specifically, the /data/ directory, which stores user credential files, is accessible over HTTP without any form of authentication. An attacker can enumerate and download files within this directory. By analyzing these files, the attacker can obtain…
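The three device findings above (the Screen SFT DAB 600/C user-management API, the Vodafone H500s /data/activation.json document, and the TG8 Firewall /data/ directory) are all the same test from the outside: send a request with no credentials and see whether structured data comes back. The following is an added example, not vendor code or a published proof of concept. assess() classifies a raw response and fetch_unauthenticated() is the plain-GET probe that feeds it; the sample bodies are constructed, and the specific headers and cookies the Vodafone advisory refers to are not reproduced here.

```python
"""Checking whether an endpoint serves sensitive data without credentials.

Added example, not vendor code. assess() decides from a raw response whether
an unauthenticated request got structured data and whether it contains
credential, account or connection fields, or a directory listing;
fetch_unauthenticated() is the plain-GET probe. The sample bodies below are
constructed stand-ins for the three devices.
"""
import json
import re
import urllib.error
import urllib.request

SENSITIVE_KEY = re.compile(
    r"(pass(word|wd|phrase)?|pwd|secret|token|api_?key|private_?key|user(name)?|account)$",
    re.I)
IPV4 = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")
LISTING = re.compile(r"<title>\s*Index of\s|Parent Directory|Directory listing for", re.I)


def _walk(obj, path=""):
    """Yield (dotted_path, leaf_value) for every scalar in a JSON structure."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def assess(status: int, content_type: str, body: str) -> dict:
    """Classify an unauthenticated response as none / info / high."""
    if status != 200:
        # 401/403, or a redirect to the login page, is the expected answer.
        return {"severity": "none", "hits": []}
    hits = []
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        if data is not None:
            for path, value in _walk(data):
                leaf = re.sub(r"\[\d+\]$", "", path.rsplit(".", 1)[-1])
                if SENSITIVE_KEY.search(leaf) or (isinstance(value, str) and IPV4.match(value)):
                    hits.append(path)
    elif ctype == "text/html" and LISTING.search(body):
        hits.append("directory_listing")
    # A 200 with parseable data but no flagged fields is still an
    # unauthenticated management endpoint, hence "info" rather than "none".
    return {"severity": "high" if hits else "info", "hits": hits}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Keep 3xx as-is so a bounce to the login page is not mistaken for content.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_unauthenticated(url: str, timeout: float = 5.0):
    """GET url with no cookies or credentials; return (status, content_type, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "exposure-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read().decode("utf-8", "replace")


# Constructed sample responses standing in for the three devices.
SAMPLE_USERS = json.dumps({"users": [{"username": "admin", "client_ip": "10.0.0.5", "timeout": 600}]})
SAMPLE_WIFI = json.dumps({"ssid": "HomeNet", "wifi_password": "constructed-sample"})
SAMPLE_DIR = ("<html><head><title>Index of /data/</title></head>"
              "<body><a href='users.cfg'>users.cfg</a></body></html>")


if __name__ == "__main__":
    for label, ctype, body in (("users api", "application/json", SAMPLE_USERS),
                               ("activation.json", "application/json", SAMPLE_WIFI),
                               ("/data/ listing", "text/html", SAMPLE_DIR)):
        print(label, assess(200, ctype, body))
    # Against a live device: print(assess(*fetch_unauthenticated("http://192.0.2.1/data/")))
```

The probe deliberately sends nothing but a User-Agent; if an endpoint needs a particular header or cookie to answer, as the Vodafone advisory indicates, that belongs in a device-specific request rather than in the generic check, and the classification logic stays the same.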