CVE-2025-1754 – GitLab Unauthenticated File Upload Vulnerability

June 26, 2025

CVE ID : CVE-2025-1754

Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-37101 – HPE OneView for VMware vCenter Vertical Privilege Escalation

Next Article CVE-2025-2938 – GitLab Elevation of Privilege Vulnerability

Highlights

CVE-2025-34045 – WeiPHP WeChat Public Account Path Traversal Vulnerability

June 26, 2025

CVE ID : CVE-2025-34045

Published : June 26, 2025, 4:15 p.m. | 51 minutes ago

Description : A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Jony Ive is building AI gadgets for OpenAI—a wearable, smart speaker, and even a robot

June 10, 2025

Apple sheds $700 billion as Microsoft regains the world’s most valuable company title — amid President Trump’s steep tariffs on Chinese imports

April 9, 2025

CVE-2025-6845 – “Simple Forum SQL Injection Vulnerability”

June 29, 2025

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-1754 – GitLab Unauthenticated File Upload Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-32398 – RT-Labs P-Net NULL Pointer Dereference

Agentforce Implementation Simplified

CVE-2025-28021 – TOTOLINK A810R Buffer Overflow Vulnerability

OpenAI tells ChatGPT users to take a break — Altman asks “What have we done?” just days before GPT-5 launch

CVE-2025-34045 – WeiPHP WeChat Public Account Path Traversal Vulnerability

Jony Ive is building AI gadgets for OpenAI—a wearable, smart speaker, and even a robot

Apple sheds $700 billion as Microsoft regains the world’s most valuable company title — amid President Trump’s steep tariffs on Chinese imports

CVE-2025-6845 – “Simple Forum SQL Injection Vulnerability”

CVE-2025-1754 – GitLab Unauthenticated File Upload Vulnerability

Related Posts