CVE-2025-2246 – GitLab Unauthenticated GraphQL API Access Vulnerability

August 27, 2025

CVE ID : CVE-2025-2246

Published : Aug. 27, 2025, 8:15 p.m. | 5 hours, 29 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-37777 – O2OA Remote Code Execution Vulnerability

Next Article CVE-2025-55422 – FoxCMS Reflected Cross Site Scripting (XSS)

Highlights

CVE-2025-27558 – Wi-Fi Protected Access (WPA, WPA2, WPA3) and Wired Equivalent Privacy (WEP) Mesh Network FragAttacks

May 21, 2025

CVE ID : CVE-2025-27558

Published : May 21, 2025, 7:16 p.m. | 1 hour, 25 minutes ago

Description : IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-2246 – GitLab Unauthenticated GraphQL API Access Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

I Found a New Open Source Grammar Checker Tool And I Like it… Well… Kind of

CVE-2025-5051 – FreeFloat FTP Server Buffer Overflow Vulnerability

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

CVE-2025-2817 – Mozilla Firefox System File Privilege Escalation

CVE-2025-27558 – Wi-Fi Protected Access (WPA, WPA2, WPA3) and Wired Equivalent Privacy (WEP) Mesh Network FragAttacks

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

How to Upgrade to Ubuntu 25.04 ‘Plucky Puffin’

CVE-2012-10029 – Nagios XI Command Injection Vulnerability

CVE-2025-2246 – GitLab Unauthenticated GraphQL API Access Vulnerability

Related Posts