In Rocket.Chat version 7.3.1, a low severity vulnerability, CVE-2025-7974, was detected. This vulnerability allows remote attackers to disclose sensitive information without authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7974.
Category: Communication

In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha, a medium severity vulnerability, CVE-2025-9823, was detected. This vulnerability allows attackers to run arbitrary JavaScript in another user's browser session by exploiting a reflected XSS in the lead:addLeadTags endpoint. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9823.
Category: Marketing Automation

In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha, a medium severity vulnerability, CVE-2025-9822, was detected. This vulnerability allows an administrator to change application configuration and access secrets, such as database credentials, that are normally restricted. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9822.
Category: Marketing Automation

In Django versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6, a high severity vulnerability, CVE-2025-57833, was detected. This vulnerability allows attackers to perform SQL injection by crafting malicious dictionary arguments passed to QuerySet.annotate() or QuerySet.alias() when using FilteredRelation in column aliases. To address this issue, users should upgrade to versions 4.2.24, 5.1.12, or 5.2.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57833.
Category: Application Development

In Next.js versions before 14.2.31 and from 15.0.0 to before 15.4.5, a medium severity vulnerability, CVE-2025-55173, was detected. This vulnerability allows an attacker to trigger file downloads with arbitrary content and filenames, which could be used for phishing or malicious file delivery. To address this issue, users should upgrade Next.js Middleware to versions 14.2.31 or 15.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55173.
Category: Application Development

In Vault Community Edition versions prior to 1.20.3 and Vault Enterprise versions prior to 1.20.3, 1.19.9, 1.18.14 and 1.16.25, a high severity vulnerability, CVE-2025-6203, was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service by submitting a specially crafted complex JSON payload that leads to excessive memory and CPU consumption. To address this issue, users should upgrade Vault Community Edition to version 1.20.3, or Vault Enterprise to versions 1.20.3, 1.19.9, 1.18.14, 1.16.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6203.
Category: Security

In Liferay Portal versions 7.4.3.27 through 7.4.3.42, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 27 through update 42, a high severity vulnerability, CVE-2025-3586, was detected. This vulnerability allows an authenticated administrator with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through the Objects module. To address this issue, users should upgrade Liferay Portal to version 7.4.3.43 and Liferay DXP to versions 2024.Q2.0 or 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3586.
Category: CMS

In Mautic versions 4.4.0 through 4.4.16, 5.0.0-alpha through 5.2.7, and 6.0.0-alpha through 6.0.4, a low severity vulnerability, CVE-2025-9821, was detected. This vulnerability allows a user with webhook permissions to perform a Server-Side Request Forgery (SSRF) attack by sending webhooks to an unvalidated destination. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9821.
Category: Marketing Automation

In Rancher Manager versions 2.12.0 through 2.12.0, 2.11.0 through 2.11.4, 2.10.0 through 2.10.8, and 2.9.0 through 2.9.11, a high severity vulnerability, CVE-2024-58259, was detected. This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending excessively large payloads to unauthenticated and authenticated API endpoints. To address this issue, users should upgrade Rancher Manager to versions 2.12.1, 2.11.5, 2.10.9 or 2.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-58259.
Category: Developer Tools