In Keycloak in versions prior to 26.3.0 a high severity vulnerability CVE-2025-7365 was detected. This vulnerability allows an authenticated attacker to exploit the account merging process during an identity provider login. By modifying their email to match that of a victim, the attacker triggers a verification email sent to the victim without revealing their own address. To address this issue users must upgrade to version 26.3.0. For more details, visit https://www.cvedetails.com/cve/CVE-2025-7365/.
Read more Security
In Apache Guacamole versions 1.5.5 and earlier a high severity vulnerability CVE-2024-35164 was detected. This vulnerability allows a malicious user with access to a text-based connection (such as SSH) to exploit improperly validated console codes, potentially leading to arbitrary code execution with the privileges of the running guacd process. To fix this issue, users should upgrade to version 1.6.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35164.
In authentik versions prior to 2025.4.3 and 2025.6.3 a medium severity vulnerability CVE-2025-52553 was detected. This vulnerability allows unauthorized users to reuse session tokens tied to RAC (Remote Access Component) endpoints by copying URLs containing these tokens, potentially accessing the same session during actions like screensharing. To address this issue, users should upgrade authentik to versions 2025.4.3 or 2025.6.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52553.
Read more Security
In Vault Community and Vault Enterprise versions prior to 1.20.0 a low severity vulnerability CVE-2025-4656 was detected. This vulnerability allows Vault operators to trigger denial-of-service (DoS) conditions by cancelling rekey or recovery key operations without proper control. To address this issue, users should upgrade Vault Community Edition to versions 1.20.0, Vault Enterprise to versions 1.20.0, 1.19.6, 1.18.11, 1.17.17 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4656.
Read more Security
In Traefik versions 2.11.24 and prior, 3.4.0 and prior a low severity vulnerability CVE-2025-47952 was detected. This vulnerability allows attackers to bypass the middleware chain and target unintended backends by exploiting URL-encoded strings in the request path when PathPrefix, Path, or PathRegex matchers are used. To address this issue, users should upgrade to versions 2.11.25, 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47952.
Read more Security
In Vault Community Edition versions prior to 1.19.3, and in Vault Enterprise versions from 0.3.0 up to 1.19.2, 1.18.8, 1.17.15 and 1.16.19 a medium severity vulnerability CVE-2025-4166 was detected. This vulnerability allows attackers to unintentionally expose sensitive information in server and audit logs when submitting malformed payloads via the REST API during secret creation or updates. To address this issue, users should upgrade Vault Community to versions 1.19.3 or Vault Enterprise to versions 1.19.3, 1.18.9, 1.17.16 or 1.16.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4166.
Read more Security
In Vault Community Edition versions from 0.10.0 up to 1.19.0, and Vault Enterprise from 0.10.0 up to 1.19.0, 1.18.6, 1.17.13 and 1.16.17 a medium severity vulnerability CVE-2025-3879 was detected. This vulnerability allows attackers to bypass the `bound_locations` parameter during login due to improper validation of claims in Azure-issued tokens within the Azure Auth method. To address this issue, users should upgrade Vault Community to versions 1.19.1 or Vault Enterprise to versions 1.19.1, 1.18.7, 1.17.14 or 1.16.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3879.
Read more Security
In Traefik versions prior to 2.11.24, 3.3.6 and 3.4.0-rc2 a high severity vulnerability CVE-2025-32431 was detected. This vulnerability allows attackers to bypass middleware chains by exploiting path matchers (PathPrefix, Path, or PathRegex) when a request URL contains `/../`, potentially targeting unintended backends. To address this issue, users should upgrade Traefik to versions 2.11.24, 3.3.6 or 3.4.0-rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32431.
Read more Security
In OpenVPN versions 2.6.1 through 2.6.13 a high severity vulnerability CVE-2025-2704 was detected. This vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets during the early TLS-crypt-v2 handshake phase when OpenVPN is operating in server mode. To address this issue, users should upgrade OpenVPN to versions 2.6.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2704.
Read more Security