In Elasticsearch versions prior to 7.17.25 and prior to 8.16.0 a medium severity vulnerability CVE-2024-52979 was detected. This vulnerability allows attackers to trigger uncontrolled resource consumption by submitting specially crafted search templates using Mustache functions, potentially leading to a Denial of Service by crashing the Elasticsearch node. To address this issue, users should upgrade Elasticsearch to versions 7.17.25 or 8.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52979.
In Kibana versions 7.17.0 up to 7.17.18 and 8.0.0 up to 8.12.3 a medium severity vulnerability CVE-2025-25016 was detected. This vulnerability allows authenticated attackers to compromise software integrity by uploading crafted malicious files due to insufficient server-side validation. To address this issue, users should upgrade Kibana to versions 7.17.19 or later and 8.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25016.
In Kibana versions 7.17.6 up to and including 7.17.23 and 8.4.0 up to and including 8.11.4 a medium severity vulnerability CVE-2024-11390 was detected. This vulnerability allows attackers with access to the Synthetics app or write permissions to synthetics indices to upload crafted HTML and JavaScript files, leading to arbitrary JavaScript execution (XSS) in a victim’s browser. To address this issue, users should upgrade Kibana to versions 7.17.24 or 8.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11390.
In Buddyboss Platform plugin for WordPress versions 2.8.50 and prior a medium severity vulnerability CVE-2024-13860 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to inject malicious scripts via the `bbp_topic_title` parameter, leading to Stored Cross-Site Scripting (XSS) on affected pages. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13860.
In Discourse versions prior to 3.4.3 (stable) and 3.5.0.beta3 (beta) a medium severity vulnerability CVE-2025-32376 was detected. This vulnerability allows attackers to bypass the user limit for direct messages (DMs), potentially enabling the creation of a DM including every user on a site. To address this issue, users should upgrade Discourse to versions 3.4.3 (stable) or later, or 3.5.0.beta3 (beta) or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32376.
In Redmine versions 6.0.0 through 6.0.3 a medium severity vulnerability CVE-2025-4011 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) via manipulation of the “Name” argument in the Custom Query Handler. To address this issue, users should upgrade Redmine to version 6.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4011.