CVE-2025-1478 – GitLab CE/EE Denial of Service Vulnerability in Board Names

June 12, 2025

CVE ID : CVE-2025-1478

Published : June 12, 2025, 10:16 a.m. | 3 hours, 43 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2254 – GitLab Cross-Site Scripting (XSS) Vulnerability

Next Article GitLab patches high severity account takeover, missing auth issues

Highlights

CVE-2025-43862 – Dify APP Orchestration Privilege Escalation Vulnerability

April 25, 2025

CVE ID : CVE-2025-43862

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Ultimate Guide to Node.js Development Pricing for Enterprises

Stack Overflow: Developers’ trust in AI outputs is worsening year over year

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

I replaced my Samsung OLED TV with this Sony Mini LED model for a week – and didn’t regret it

I tested the most popular robot mower on the market – and it was a $5,000 crash out

5 gadgets and accessories that leveled up my gaming setup (including a surprise console)

Why I’m patiently waiting for the Samsung Z Fold 8 next year (even though the foldable is already great)

Performance Analysis with Laravel’s Measurement Tools

Performance Analysis with Laravel’s Measurement Tools

Memoization and Function Caching with this PHP Package

Laracon US 2025 Livestream

Microsoft mysteriously offered a Windows 11 upgrade to this unsupported Windows 10 PC — despite it failing to meet the “non-negotiable” TPM 2.0 requirement

Microsoft mysteriously offered a Windows 11 upgrade to this unsupported Windows 10 PC — despite it failing to meet the “non-negotiable” TPM 2.0 requirement

With Windows 10’s fast-approaching demise, this Linux migration tool could let you ditch Microsoft’s ecosystem with your data and apps intact — but it’s limited to one distro

Windows 10 is 10 years old today — let’s look back at 10 controversial and defining moments in its history

CVE-2025-1478 – GitLab CE/EE Denial of Service Vulnerability in Board Names

CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation

Tea App Data Breach: 72,000 Selfies and IDs of Women Leaked Online

Ethereal is a UCI chess engine

CVE-2025-38175 – Linux Kernel Binder UAF Vulnerability

Securely Store API, Bearer and Auth Tokens with Platform Cache

Samsung MagicINFO 9-servers doelwit van botnet, update niet beschikbaar

CVE-2025-43862 – Dify APP Orchestration Privilege Escalation Vulnerability

U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert

CVE-2025-4240 – PCMan FTP Server LCD Command Handler Buffer Overflow Vulnerability

La rivoluzione architetturale di AerynOS: Non solo una distribuzione GNU/Linux

CVE-2025-1478 – GitLab CE/EE Denial of Service Vulnerability in Board Names

Related Posts