CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

June 20, 2025

CVE ID : CVE-2024-7586

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32875 – COROS Bluetooth Pairing and Bonding Unencrypted Data Exfiltration

Next Article CVE-2024-53298 – Dell PowerScale OneFS NFS Export Missing Authorization Vulnerability

Highlights

CVE-2025-34037 – Linksys E-Series Router OS Command Injection Vulnerability

June 23, 2025

CVE ID : CVE-2025-34037

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the “TheMoon” worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Student Performance Prediction System using Python Machine Learning (ML)

Student Performance Prediction System using Python Machine Learning (ML)

The attack on the npm ecosystem continues

Feature Highlight

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Building an End-to-End Object Tracking and Analytics System with Roboflow Supervision

Xubuntu 25.04 released!

CVE-2024-4981 – Pagure Git Repository Symbolic Link Exfiltration

CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

CVE-2025-34037 – Linksys E-Series Router OS Command Injection Vulnerability

Arriva Slimbook Kymera Black: il nuovo desktop GNU/Linux per giocatori e creatori

CVE-2023-28902 – Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability

CVE-2025-46116 – An issue was discovered in CommScope Ruckus Unleas

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

Related Posts