In Appsmith versions before 1.51 a medium severity vulnerability CVE-2024-55963 was detected. This vulnerability allows users without admin permissions to trigger the restart API on Appsmith, causing a denial of service by repeatedly restarting the server. The cause is an incorrect access control check: the API should verify superuser permissions before processing the request. To address this issue, users should upgrade Appsmith to version 1.51 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55963.
In Wazuh versions starting from 4.4.0 and prior to 4.9.1 a high severity vulnerability CVE-2025-24016 was detected. This vulnerability allows attackers to execute malicious code on Wazuh servers by exploiting a flaw in how data is processed, potentially compromising the server. To fix this issue users should upgrade Wazuh to version 4.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-24016.
In Authentik versions before 2024.10.4 a medium severity vulnerability CVE-2024-11623 was detected. This vulnerability allows authenticated admin users to upload crafted SVG files, which can lead to stored XSS attacks through the application icons. To address this issue, users should upgrade Authentik to version 2024.10.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11623.
In Wazuh versions up to and including 4.9.0 a medium severity vulnerability CVE-2024-47770 was detected. This vulnerability allows attackers to see the Wazuh agent list without permission, which could expose important system information. To fix this issue, users should upgrade Wazuh to version 4.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47770.
In Wazuh versions prior to 4.9.0 a high severity vulnerability CVE-2024-35177 was detected. This vulnerability allows attackers to gain full system access by placing malicious files in the Wazuh agent folder when installed in a non-default location. To fix this issue, users should upgrade Wazuh to version 4.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35177.
In Vaultwarden versions prior to 1.33.0 a high severity vulnerability CVE-2025-24365 was detected. This vulnerability allows attackers to obtain owner rights of another organization if they know the ID of the target organization and are already the owner or admin of another organization. To address this issue, users should upgrade to version 1.33.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24365.
In Keycloak versions 26.1.0 and prior a medium severity vulnerability CVE-2025-0604 was detected. This vulnerability allows attackers to bypass authentication by exploiting a flaw in Active Directory password resets, enabling users with expired or disabled AD accounts to regain access without proper LDAP validation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0604.
In Invoice Ninja versions 5.8.56 through 5.11.23 a high severity vulnerability CVE-2025-0474 was detected. This vulnerability allows attackers to perform authenticated Server-Side Request Forgery (SSRF), enabling arbitrary file read and network resource requests as the application user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0474.
In Keycloak versions prior to 26.0.8 a medium severity vulnerability CVE-2024-11736 was detected. This vulnerability allows admin users to access sensitive server environment variables and system properties through URLs. By using placeholders like ${env.VARNAME} or ${PROPNAME}, the server replaces them with actual values during URL processing. To address this issue, users should upgrade Keycloak to version 26.0.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11736.