CVE-2025-0605 – GitLab Two-Factor Authentication Bypass

May 22, 2025

CVE ID : CVE-2025-0605

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-0993 – GitLab Denial of Service

Next Article CVE-2024-12093 – GitLab SAML XPath Validation Bypass

Highlights

CVE-2025-4474 – WordPress Frontend Dashboard Plugin Privilege Escalation Vulnerability

May 13, 2025

CVE ID : CVE-2025-4474

Published : May 13, 2025, 7:15 a.m. | 1 hour, 23 minutes ago

Description : The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s ‘register’ role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-0605 – GitLab Two-Factor Authentication Bypass

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CVE Program rescued at the last minute after concerns over losing its government funding

JustDD is a USB Image Writer

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

SonicWall OS Command Injection Vulnerability Exploited in the Wild

CVE-2025-4474 – WordPress Frontend Dashboard Plugin Privilege Escalation Vulnerability

CVE-2025-55159 – Apache Slab Uninitialized Memory Access Vulnerability

Step aside, Siri: Perplexity’s new AI voice assistant for iPhone can take it from here

Manufacturing Security: Why Default Passwords Must Go

CVE-2025-0605 – GitLab Two-Factor Authentication Bypass

Related Posts