InfoSecBulletin Cybersecurity for mankind

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues. The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via “improper rendering of certain file types” …

Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. With a daunting CVSS score of 9.9, this vulnerability poses a significant risk, as it could enable remote, authenticated attackers with minimal privileges to elevate their access to administrator status on compromised …

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week. The situation hasn’t improved. Shadowserver started tracking exposed devices …