In pgAdmin 4 versions 9.7 and below, a high severity vulnerability, CVE-2025-9636, was detected. This vulnerability allows an attacker to manipulate the OAuth flow, which could lead to unauthorised account access, account takeover, data breaches, and privilege escalation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9636.
In Argo CD versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, a critical severity vulnerability, CVE-2025-55190, was detected. This vulnerability allows an attacker to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint. To address this issue, users should upgrade Argo CD to versions 2.13.9, 2.14.16, 3.0.14 or 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55190.
In the PopAd plugin for WordPress, versions up to and including 1.0.4, a medium severity vulnerability, CVE-2025-9616, was detected. This vulnerability allows an unauthenticated attacker to reset cookie time settings via a forged request. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9616.
In Rancher versions 0.11.0 before 0.11.10, 0.12.0 before 0.12.6, and 0.13.0 before 0.13.1, a high severity vulnerability, CVE-2024-52284, was detected. This vulnerability allows attackers with GET or LIST permissions to see Helm values that contain passwords or other secrets. To fix this issue, users should upgrade Rancher to versions 0.11.10, 0.12., or 0.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52284.
In Rocket.Chat version 7.3.1, a low severity vulnerability, CVE-2025-7974, was detected. This vulnerability allows remote attackers to disclose sensitive information without authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7974.
In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha, a medium severity vulnerability, CVE-2025-9823, was detected. This vulnerability allows attackers to run arbitrary JavaScript in another user’s browser session by exploiting a reflected XSS in the lead:addLeadTags endpoint. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9823.
In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha, a medium severity vulnerability, CVE-2025-9822, was detected. This vulnerability allows an administrator to change application configuration and access secrets, such as database credentials, that are normally restricted. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9822.
In Django versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6, a high severity vulnerability, CVE-2025-57833, was detected. This vulnerability allows attackers to perform SQL injection by crafting malicious dictionary arguments passed to QuerySet.annotate() or QuerySet.alias() when using FilteredRelation in column aliases. To address this issue, users should upgrade to versions 4.2.24, 5.1.12, or 5.2.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57833.
In Next.js versions before 14.2.31 and from 15.0.0 to before 15.4.5, a medium severity vulnerability, CVE-2025-55173, was detected. This vulnerability allows an attacker to trigger file downloads with arbitrary content and filenames, which could be used for phishing or malicious file delivery. To address this issue, users should upgrade Next.js Middleware to versions 14.2.31 or 15.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55173.