CVE-2025-3396 – GitLab EE API Request Forgery Vulnerability

July 10, 2025

CVE ID : CVE-2025-3396

Published : July 10, 2025, 9:15 a.m. | 4 hours, 51 minutes ago

Description : An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-38345 – “Intel Virtual Box ACPICA Illegal I/O Port Address/Length Vulnerability”

Next Article CVE-2025-38347 – F2FS Inline Data Corruption Denial of Service (DoS) Vulnerability

Highlights

CVE-2025-4029 – Apache Code-projects Personal Diary Stack-based Buffer Overflow Vulnerability

April 28, 2025

CVE ID : CVE-2025-4029

Published : April 28, 2025, 5:15 p.m. | 1 hour, 50 minutes ago

Description : A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-3396 – GitLab EE API Request Forgery Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CVE-2024-42446 – APTIOV BIOS TOCTOU Race Condition Vulnerability

CVE-2025-26383 – Apache iSTAR Memory Information Disclosure

CVE-2025-49452 – PostaPanduri SQL Injection

Microsoft Teams adds social-style Storyline feed for individual updates

CVE-2025-4029 – Apache Code-projects Personal Diary Stack-based Buffer Overflow Vulnerability

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

From Bottlenecks to Breakthroughs – AI’s Role in Insurance Process Automation

The difference between a product and a project

CVE-2025-3396 – GitLab EE API Request Forgery Vulnerability

Related Posts