Security Vulnerabilities
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-26
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-11-26
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-26
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-26
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-11-26
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-26