Proactive Insights and Support For Open-Source Applications

Our news and updates

    2 Jul 2025 Project and Agile Management
    Ansible: Remote Command Execution in AAP EDA through Git URL Injection

    A high-severity vulnerability, CVE-2025-49520, was detected in all versions of Ansible Automation Platform’s EDA component before 1.1.10. It allows attackers to execute arbitrary system commands on the EDA worker by injecting malicious arguments into the git ls-remote command, potentially exposing sensitive data such as Kubernetes or OpenShift service account tokens and leading to full cluster compromise. To fix this issue, users should upgrade Ansible Automation Platform’s EDA component to version 1.1.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49520.

    IT Business Management
    2 Jul 2025 DevOps
    aaPanel: Critical Command Injection

    A critical-severity vulnerability, CVE-2024-42922, was detected in aaPanel version 7.0.7. It allows attackers to perform OS command injection, potentially leading to full system compromise. To address this issue, users must upgrade to a patched version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42922.

    Application Development
    2 Jul 2025 Data Management and Analytics
    Apache Cassandra: Improper Authorization

    A high-severity vulnerability, CVE-2025-24860, was detected in Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2. It allows users to access unauthorized datacenters or IP/CIDR groups and to modify their own permissions via DCL statements. To fix this issue, users should upgrade to version 4.0.16, 4.1.8, or 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24860.

    Database
    2 Jul 2025 DevOps
    Sentry: OAuth Persistence Vulnerability

    A high-severity vulnerability, CVE-2025-53099, was detected in Sentry versions prior to 25.5.0. It allows attackers with a malicious OAuth application to exploit a race condition and improper authorization code handling during the OAuth exchange process, enabling them to maintain persistent access to a user’s account even after the application is de-authorized. To address this issue, users must upgrade to version 25.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53099.

    Monitoring
    2 Jul 2025 Infrastructure and Network
    Apache Guacamole: High Severity SSH Session Exploit

    A high-severity vulnerability, CVE-2024-35164, was detected in Apache Guacamole versions 1.5.5 and earlier. It allows a malicious user with access to a text-based connection (such as SSH) to exploit improperly validated console codes, potentially leading to arbitrary code execution with the privileges of the running guacd process. To fix this issue, users should upgrade to version 1.6.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35164.

    Networking
    1 Jul 2025 Communication and Collaboration
    Mattermost: Information Disclosure in Mattermost Channels

    A medium-severity vulnerability, CVE-2025-47871, was detected in Mattermost versions up to and including 10.5.5, 9.11.15, 10.6.5, 10.7.2, and 10.8.0. It allows authenticated users who are playbook members but not channel members to access sensitive information about linked private channels, including channel name, display name, and participant count, through the run metadata API endpoint. To address this issue, users must upgrade to version 10.5.6, 9.11.16, 10.6.6, 10.7.3, or 10.8.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47871.

    Communication
    1 Jul 2025 Data Management and Analytics
    MongoDB: Use-After-Free Vulnerability

    A high-severity vulnerability, CVE-2025-6706, was detected in MongoDB Server versions 6.0 prior to 6.0.21, 7.0 prior to 7.0.17, and 8.0 prior to 8.0.4. It allows authenticated users to trigger a use-after-free condition that may result in a MongoDB Server crash and other unexpected behavior, even without authorization to shut down the server. To address this issue, users must upgrade to version 6.0.21, 7.0.17, or 8.0.4, respectively. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6706.

    Database
    1 Jul 2025 DevOps
    Sentry: Unauthorized Issue Access Vulnerability

    A medium-severity vulnerability, CVE-2025-53073, was detected in Sentry versions 25.1.0 through 25.5.1. It allows authenticated attackers to perform unauthorized actions, such as adding comments, on a project’s issue endpoint without being a member of the project’s team. Currently there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53073.

    Monitoring
    1 Jul 2025 Communication and Collaboration
    Mattermost: Channel Member Management Flaw

    A medium-severity vulnerability, CVE-2025-46702, was detected in Mattermost versions 10.5.x up to 10.5.5, 9.11.x up to 9.11.15, 10.8.x up to 10.8.0, 10.7.x up to 10.7.2, and 10.6.x up to 10.6.5. It allows attackers to gain unauthorized access to sensitive channel content and allows guest users to gain channel management privileges. To fix this issue, users should upgrade Mattermost to version 10.5.6, 9.11.16, 10.8.1, 10.7.3, or 10.6.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46702.

    Communication