Whalers Blog

  • June 26, 2025

    CVE-2025-5459 – Puppet Enterprise Root Command Execution Vulnerability

    CVE ID: CVE-2025-5459
    Published: June 26, 2025, 7:15 a.m. | 2 hours, 42 minutes ago
    Description: A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-5846 – GitLab EE GraphQL Framework Assignment Vulnerability

    CVE ID: CVE-2025-5846
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 42 minutes ago
    Description: An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-5315 – GitLab Guest Role Bypass API Vulnerability (Authentication Bypass)

    CVE ID: CVE-2025-5315
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 42 minutes ago
    Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-48497 – Iroha Board CSRF

    CVE ID: CVE-2025-48497
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 42 minutes ago
    Description: Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered.
    Severity: 4.3 | MEDIUM…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-41404 – Iroha Board Information Disclosure

    CVE ID: CVE-2025-41404
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 42 minutes ago
    Description: Direct request (‘Forced Browsing’) issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.
    Severity: 4.3 | MEDIUM…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-3279 – GitLab GraphQL Denial of Service Vulnerability

    CVE ID: CVE-2025-3279
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 42 minutes ago
    Description: An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-37101 – HPE OneView for VMware vCenter Vertical Privilege Escalation

    CVE ID: CVE-2025-37101
    Published: June 26, 2025, 6:15 a.m. | 3 hours, 25 minutes ago
    Description: A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).
    Severity: 8.7…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-5590 – WordPress Owl Carousel SQL Injection Vulnerability

    CVE ID: CVE-2025-5590
    Published: June 26, 2025, 2:15 a.m. | 7 hours, 25 minutes ago
    Description: The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-4334 – WordPress Simple User Registration Privilege Escalation Vulnerability

    CVE ID: CVE-2025-4334
    Published: June 26, 2025, 2:15 a.m. | 7 hours, 25 minutes ago
    Description: The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • June 26, 2025

    CVE-2025-36038 – IBM WebSphere Application Server Deserialization Code Execution Vulnerability

    CVE ID: CVE-2025-36038
    Published: June 25, 2025, 9:15 p.m. | 12 hours, 25 minutes ago
    Description: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
    Severity: 9.0 | CRITICAL
    Visit the link for more details, such…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security