Security Vulnerabilities
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-10-27
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-10-27
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
CVSS Score: 7.6 | EPSS Score: 0.0 | Published: 2025-10-24
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
CVSS Score: 7.6 | EPSS Score: 0.0 | Published: 2025-10-24
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-10-24
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
CVSS Score: 7.6 | EPSS Score: 0.0 | Published: 2025-10-24
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-10-24
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2025-10-23
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-10-23
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-10-23

