Security

In Wazuh versions up to and including 4.9.0 a medium severity vulnerability CVE-2024-47770 was detected. This vulnerability allows attackers to see the Wazuh agent list without permission, which could expose important system information. To fix this issue, users should upgrade Wazuh to version 4.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47770.

In Wazuh versions prior to 4.9.0 a high severity vulnerability CVE-2024-35177 was detected. This vulnerability allows attackers to gain full system access by placing malicious files in the Wazuh agent folder when installed in a non-default location. To fix this issue, users should upgrade Wazuh to version 4.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35177.

In Vaultwarden versions prior to 1.33.0 a high severity vulnerability CVE-2025-24365 was detected. This vulnerability allows attackers to obtain owner rights of another organization if they know the ID of the target organization and are already the owner or admin of another organization. To address this issue, users should upgrade to version 1.33.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24365.

In Keycloak versions 26.1.0 and prior a medium severity vulnerability CVE-2025-0604 was detected. This vulnerability allows attackers to bypass authentication by exploiting a flaw in Active Directory password resets, enabling users with expired or disabled AD accounts to regain access without proper LDAP validation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0604.

In Invoice Ninja versions 5.8.56 through 5.11.23 a high severity vulnerability CVE-2025-0474 was detected. This vulnerability allows attackers to perform authenticated Server-Side Request Forgery (SSRF), enabling arbitrary file read and network resource requests as the application user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0474.

In Keycloak versions prior to 26.0.8 a medium severity vulnerability CVE-2024-11736 was detected. This vulnerability allows admin users to access sensitive server environment variables and system properties through URLs. By using placeholders like ${env.VARNAME} or ${PROPNAME}, the server replaces them with actual values during URL processing. To address this issue, users should upgrade Keycloak to version 26.0.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11736.

In Keycloak version 21.0.2 a medium severity vulnerability CVE-2024-11734 was detected. This vulnerability allows attackers to disrupt the Keycloak service by modifying security headers, causing requests to fail and the service to become unavailable. To fix this issue, users should upgrade Keycloak to version 26.0.8. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11734.

In Vaultwarden versions before 1.32.5 a critical severity vulnerability CVE-2024-55225 was detected. This vulnerability allows attackers to impersonate users, including administrators, through a crafted authorization request. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55225.

In Vaultwarden version 1.32.5 a low severity vulnerability CVE-2024-55226 was detected. This vulnerability allows attackers to execute authenticated reflected Cross-Site Scripting (XSS) attacks via the `/api/core/mod.rs` component. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55226.