CVE CyberSecurity Database News (Page 147)

Mar 13, 2025 API

CVE-2024-12380 - How GitLab Repo Mirroring Could Leak Your Secrets

GitLab is one of the most popular tools for collaborative software development. But sometimes, even big names get things wrong. Today, we’ll dive into

Mar 13, 2025 API Exploit

CVE-2024-7296 - GitLab EE Membership Approval Bypass Explained with Exploit Details

Recently, security researchers uncovered a significant vulnerability in GitLab Enterprise Edition (EE) tracked as CVE-2024-7296. If you’re running GitLab in your organization and depend

Mar 13, 2025 Exploit Java

CVE-2020-36843: EdDSA-Java Signature Malleability Exploit in Versions through .3.

A security vulnerability has recently been discovered in the EdDSA-Java (aka ed25519-java) library, specifically in versions up to and including .3.. This vulnerability, documented as

Mar 12, 2025

CVE-2025-25292 - How ruby-saml’s XML Parser Difference Led to SSO Authentication Bypass

ruby-saml is a popular Ruby library for supporting Security Assertion Markup Language (SAML) single sign-on (SSO). Widely used in Ruby applications, it’s trusted by

Mar 12, 2025

CVE-2025-25291 - Exploiting Authentication Bypass in ruby-saml via Signature Wrapping

CVE-2025-25291 is a newly disclosed vulnerability affecting the popular ruby-saml library for Ruby, which enables developers to integrate SAML Single Sign-On (SSO) capabilities into their