Common Vulnerabilities and Exposures (CVE)

CVE-2025-45311

Nov 28, 2025 19:56:01 UTC

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an...

CVE-2024-11831

Nov 28, 2025 19:52:40 UTC

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicio...

CVE-2025-34027

Nov 28, 2025 19:43:34 UTC

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a...

CVE-2025-34025

Nov 28, 2025 19:43:04 UTC

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape c...

CVE-2025-34026

Nov 28, 2025 19:42:27 UTC

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged ...

CVE-2025-13611

Nov 28, 2025 19:35:15 UTC

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens u...

CVE-2025-12653

Nov 28, 2025 19:35:10 UTC

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizati...

CVE-2025-12571

Nov 28, 2025 19:35:05 UTC

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending spe...

CVE-2025-7449

Nov 28, 2025 19:34:58 UTC

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service co...

CVE-2025-6195

Nov 28, 2025 19:34:53 UTC

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain con...

CVE-2025-66360

Nov 28, 2025 19:34:48 UTC

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.

CVE-2025-66361

Nov 28, 2025 19:34:43 UTC

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.

CVE-2025-66359

Nov 28, 2025 19:34:37 UTC

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.

CVE-2025-0658

Nov 28, 2025 19:34:32 UTC

A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet can leave it permanently unresponsive until a manual power cycl...

CVE-2025-0657

Nov 28, 2025 19:34:27 UTC

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a...