CVE-2025-4278 – GitLab CE/EE HTML Injection Vulnerability

June 12, 2025

CVE ID : CVE-2025-4278

Published : June 12, 2025, 10:16 a.m. | 3 hours, 13 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5996 – GitLab HTTP Response Denial of Service Vulnerability

Next Article CVE-2025-2254 – GitLab Cross-Site Scripting (XSS) Vulnerability

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-4278 – GitLab CE/EE HTML Injection Vulnerability

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

AlphaDev discovers faster sorting algorithms

CVE-2025-3611 – Mattermost System Manager Access Control Enforcement Vulnerability

GitHub Enterprise Server Vulnerabilities Expose Risk of Code Execution and Data Leaks

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Anthropic launches Claude for Education, an AI to help students think critically

CVE-2025-53179 – Adobe PDF Preview Module Null Pointer Dereference Vulnerability

CVE-2025-43698 – Salesforce OmniStudio FlexCards Field Level Security Bypass Vulnerability

DeepMind CEO calls Google’s updated Gemini 2.5 Pro AI “the best coding model” with a taste for aesthetic web development

CVE-2025-4278 – GitLab CE/EE HTML Injection Vulnerability

Related Posts