In Zulip Server versions 7.0 and above a medium severity vulnerability CVE-2024-56136 was detected. This vulnerability allows unauthenticated attackers to determine if an email address is in use by a user on servers hosting multiple organizations. To address this issue, users should upgrade Zulip Server to version 9.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56136.
Read more CommunicationIn Elasticsearch versions up to 7.17.21 and up to 8.13.3 a medium severity vulnerability CVE-2024-43709 was detected. This vulnerability allows attackers to cause an OutOfMemoryError exception and crash the system by executing a specially crafted query using an SQL function. To address this issue, users should upgrade Elasticsearch to version 7.17.21 or 8.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43709.
Read more Data AnalyticsIn Kibana versions up to 7.17.23 and up to 8.14.2 a medium severity vulnerability CVE-2024-52973 was detected. This vulnerability allows users with read access to the Observability-Logs feature to crash the system by sending a specially crafted request to `/api/log_entries/summary`, due to a lack of resource limits or throttling. To address this issue, users should upgrade Kibana to version 7.17.23 or 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52973.
Read more Data AnalyticsIn LibreNMS versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts via a stored XSS on the parameter `state` in `ajax_form.php`, leading to potential unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23200.
Read more MonitoringIn Mattermost Mobile versions 2.22.0 and prior a medium severity vulnerability CVE-2025-20072 was detected. This vulnerability allows attackers to crash the mobile app by supplying crafted malicious input to the style of proto in `post.props.attachments`. To address this issue, users should upgrade to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20072.
Read more CommunicationIn Mattermost Mobile versions before 2.22.0 a medium severity vulnerability CVE-2025-20630 was detected. This vulnerability allows attackers to crash the Mattermost Mobile app by sending a post with attachments that contain fields unable to be converted to a String. To fix this issue, users should upgrade Mattermost Mobile to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20630.
Read more CommunicationIn Mattermost versions 10.2.0 and earlier in 10.2.x, 9.11.5 and earlier in 9.11.x, 10.0.3 and earlier in 10.0.x, and 10.1.3 and earlier in 10.1.x a medium severity vulnerability CVE-2025-20621 was detected. This vulnerability allows attackers to crash the Mattermost web app by sending a post with attachments containing fields that cannot be converted to a String. To fix this issue, users should upgrade Mattermost to versions 10.2.1, 10.1.4, 10.0.4, and 9.11.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20621.
Read more CommunicationIn Sentry versions starting from 21.12.0 before 24.12.1 a medium severity vulnerability CVE-2025-22146 was detected. This vulnerability allows attackers to exploit Sentry’s SAML SSO to crash the application by sending posts with improperly formatted attachments. To fix this issue, users should upgrade Sentry to version 25.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-22146.
Read more MonitoringIn Librenms versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts into Librenms, which can then execute when viewed by a user, potentially leading to unauthorized actions or data exposure. To fix this issue, users should upgrade Librenms to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23200.
Read more Monitoring