CVE CyberSecurity Database News (Page 307)

Jan 28, 2025 Exploit

CVE-2025-0290: Critical Vulnerability in GitLab CE/EE Leads to Unresponsive Background Jobs

A newly discovered vulnerability, labelled CVE-2025-0290, has been found to affect all versions of GitLab CE/EE (Community Edition/Enterprise Edition) staring from version 15.

Jan 28, 2025 Windows

CVE-2025-23084 - Node.js Path Handling Vulnerability on Windows Exposes Root Directory via `path.join`

Date Published: June 2024 CVE: CVE-2025-23084 Platform: Windows Component: Node.js (Affected path utilities, specifically path.join) Introduction A new vulnerability, CVE-2025-23084, has been discovered

Jan 28, 2025

CVE-2024-45341 - Certificate URI with IPv6 Zone ID Bypasses Name Constraints in Private PKIs

The software world cares a lot about authentication and trust, and Public Key Infrastructure (PKI) is the backbone of digital certificates everywhere. Occasionally, vulnerabilities pop

Jan 28, 2025 Exploit

CVE-2024-45339 - How Predictable Log Files Can Overwrite Sensitive Data in glog (And How to Stay Safe)

Security flaws in how software handles log files are surprisingly common. One such vulnerability, CVE-2024-45339, was discovered in the popular C++ logging library glog. In

Jan 28, 2025

CVE-2024-45336 - How HTTP Clients Leak Sensitive Headers via Cross-Domain Redirects

A recently tracked vulnerability, CVE-2024-45336, is making waves in the web security community. This bug, found in the handling of HTTP redirects, may cause sensitive