Gitlab YearTitleSeverityReport2025Account Takeover via Password Reset without user interactions🔴 Critical 10.0linkAccount takeover due to insufficient URL validation on RelayState parameter🟡 Medium 6.8link