CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

June 20, 2025

CVE ID : CVE-2024-4994

Published : June 20, 2025, 7:15 p.m. | 3 hours, 29 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab’s GraphQL API leading to the execution of arbitrary GraphQL mutations.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-4025 – “GitLab Markdown DoS Vulnerability”

Next Article CVE-2025-6358 – Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability

Highlights

CVE-2025-43864 – React Router Cache Poisoning Vulnerability

April 24, 2025

CVE ID : CVE-2025-43864

Published : April 25, 2025, 1:15 a.m. | 1 hour, 45 minutes ago

Description : React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-7524 – “TOTOLINK T6 HTTP POST Request Handler Command Injection Vulnerability”

CVE-2025-47301 – Cisco Router Unvalidated Redirect

Microsoft: Windows 11 24H2 now works with Easy Anti-Cheat (Fortnite), won’t cause BSODs anymore

CVE-2024-9512 – GitLab EE Clone Privilege Escalation Vulnerability

CVE-2025-43864 – React Router Cache Poisoning Vulnerability

Should you buy Google’s $130 Pixel Buds over Apple, Sony and Bose? How they compare

Windows 10 removes Start menu jump lists (file list) for tiles in April 2025 Update

Inside GitHub: How we hardened our SAML implementation

CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

Related Posts