Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Infrastructure and Network
  • Security

Security

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    5 May 2025 Infrastructure and Network
    Vault: Sensitive Data Exposure in Logs via Malformed Payloads

    In Vault Community Edition versions prior to 1.19.3, and in Vault Enterprise versions from 0.3.0 up to 1.19.2, 1.18.8, 1.17.15 and 1.16.19 a medium severity vulnerability CVE-2025-4166 was detected. This vulnerability allows attackers to unintentionally expose sensitive information in server and audit logs when submitting malformed payloads via the REST API during secret creation or updates. To address this issue, users should upgrade Vault Community to versions 1.19.3 or Vault Enterprise to versions 1.19.3, 1.18.9, 1.17.16 or 1.16.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4166.

    Read more
    Security
    5 May 2025 Infrastructure and Network
    Vault: Azure Auth Token Validation Flaw Allows Bypass of bound_locations Restriction

    In Vault Community Edition versions from 0.10.0 up to 1.19.0, and Vault Enterprise from 0.10.0 up to 1.19.0, 1.18.6, 1.17.13 and 1.16.17 a medium severity vulnerability CVE-2025-3879 was detected. This vulnerability allows attackers to bypass the `bound_locations` parameter during login due to improper validation of claims in Azure-issued tokens within the Azure Auth method. To address this issue, users should upgrade Vault Community to versions 1.19.1 or Vault Enterprise to versions 1.19.1, 1.18.7, 1.17.14 or 1.16.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3879.

    Read more
    Security
    22 Apr 2025 Infrastructure and Network
    Traefik: Path Matchers Vulnerable to Middleware Bypass via Path Traversal

    In Traefik versions prior to 2.11.24, 3.3.6 and 3.4.0-rc2 a high severity vulnerability CVE-2025-32431 was detected. This vulnerability allows attackers to bypass middleware chains by exploiting path matchers (PathPrefix, Path, or PathRegex) when a request URL contains `/../`, potentially targeting unintended backends. To address this issue, users should upgrade Traefik to versions 2.11.24, 3.3.6 or 3.4.0-rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32431.

    Read more
    Security
    4 Apr 2025 Infrastructure and Network
    OpenVPN: DoS via Corrupted Packet Replay in TLS-Crypt-V2 Handshake

    In OpenVPN versions 2.6.1 through 2.6.13 a high severity vulnerability CVE-2025-2704 was detected. This vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets during the early TLS-crypt-v2 handshake phase when OpenVPN is operating in server mode. To address this issue, users should upgrade OpenVPN to versions 2.6.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2704.

    Read more
    Security
    1 Apr 2025 Infrastructure and Network
    Open Webui: Session Fixation Vulnerability Allows Admin Takeover

    In Open Webui versions 0.3.8 a critical severity vulnerability CVE-2024-7053 was detected. This vulnerability allows an attacker with a user-level account to hijack an administrator’s session by exploiting weak session cookie settings, enabling account takeover and potentially remote code execution (RCE) through a malicious image embedded in a chat that steals the admin’s session cookie. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7053.

    Read more
    Security
    1 Apr 2025 Infrastructure and Network
    Open Webui: Lack of Authentication Leads to Server Performance Issues

    In Open Webui versions 0.3.32 a high severity vulnerability CVE-2024-12537 was detected. This vulnerability allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request with excessive content, the server could become unresponsive or experience significant performance degradation, potentially causing service interruptions for legitimate users. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-12537.

    Read more
    Security
    31 Mar 2025 Infrastructure and Network
    Authentik: Session Deletion Fails to Revoke Access

    In Authentik versions prior to 2024.12.4 and 2025.2.3 a high severity vulnerability CVE-2025-29928 was detected. When configured to use database session storage, deleting sessions via the Web Interface or API did not revoke access, allowing session holders to remain authenticated. To address this issue, users should upgrade Authentik to versions 2024.12.4 or 2025.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-29928.

    Read more
    Security
    28 Mar 2025 Infrastructure and Network
    Appsmith: Information Disclosure in “App Viewer” Access

    In Appsmith versions before 1.51 a medium severity vulnerability CVE-2024-55965 was detected. This vulnerability allows attackers with “App Viewer” access to view development information in a workspace, specifically a list of datasources in that workspace. To address this issue, users should upgrade Appsmith to versions 1.51 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55965.

    Read more
    Security
    28 Mar 2025 Infrastructure and Network
    Appsmith: Remote Command Execution via Misconfigured PostgreSQL Instance

    In Appsmith versions before 1.52 a critical severity vulnerability CVE-2024-55964 was detected. This vulnerability allows attackers to execute remote commands inside the Appsmith Docker container due to an incorrectly configured PostgreSQL instance, requiring the attacker to access Appsmith, log in, create a datasource, create a query, and execute that query. To address this issue, users should upgrade Appsmith to versions 1.52 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55964.

    Read more
    Security
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy