VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
libcurl – Cross Proxy Digest Authentication State Leak
CVSSv3 Score: 2.1 A Missing Authorization [CWE-862] in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged in users VPN password via use of an unprotected DLL function. Revised on 2026-05-12 00:00:00
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks.
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apache Airflow 3.2.0 that has the fix implemented
CVSSv3 Score: 2.5 An Insufficiently protected credentials vulnerability [CWE-522] in FortiSanbox and FortiSanbox PaaS GUI may allow an authenticated administrator to read LDAP server credentials via client-side inspection. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 2.2 An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file. Revised on 2026-04-14 00:00:00
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.
A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later
OTP Invalidation Missing Upon Regeneration
MongoBleed: MongoDB Memory Disclosure Vulnerability (CVE-2025-14847)
CVSSv3 Score: 1.8 An Improper Privilege Management vulnerability [CWE-269] in FortiOS, FortiProxy and FortiPAM may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command. Revised on 2026-05-27 00:00:00
Stored Cross-Site Scripting Vulnerability
CVSSv3 Score: 2.6 An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command. Revised on 2026-06-08 00:00:00
CVSSv3 Score: 3.9 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL. Revised on 2026-06-15 00:00:00
Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability
Remote Code Execution Vulnerability in the Spring Framework