In Liferay Portal versions 7.4.0 through 7.4.3.132 and in Liferay DXP versions 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43743 was detected. This vulnerability allows attackers to view other calendars by enumerating the names of other authenticated users. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.6 or 2024.Q1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43743.
Read more CMS
In PostgreSQL versions 13 through 17 a high severity vulnerability CVE-2025-8715 was detected. This vulnerability allows attackers to inject arbitrary code or achieve SQL injection via a purpose-crafted object name during the restore process. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8715.
Read more Database
In PostgreSQL versions 13 through 17 a low severity vulnerability CVE-2025-8713 was detected. This vulnerability allows attackers to read sampled data from views or tables that are protected by access control lists (ACLs) or row security policies. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8713.
Read more Database
In LibreNMS versions 25.6.0 and prior a medium severity vulnerability CVE-2025-55296 was detected. This vulnerability allows attackers to inject malicious JavaScript into the Alert Template name field, which can then be executed when the template is viewed by other administrators. To address this issue, users should upgrade LibreNMS to versions 25.8.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55296.
Read more Monitoring
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43732 was detected. This vulnerability allows organization administrators to gain unauthorized access to user lists from other organizations due to an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId. To address this issue, users should upgrade Liferay Portal fixed on master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.11 or 2024.Q1.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43732.
Read more CMS
In GitLab CE/EE versions 17.7 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2024-12303 was detected. This vulnerability allows authenticated users with specific roles and permissions to delete issues, including confidential ones, by inviting users with a specific role. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4, 18.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12303.
Read more Developer Tools
In GitLab CE/EE versions 15.6 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2024-10219 was detected. This vulnerability allows authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4, 18.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10219.
Read more Developer Tools
In @backstage/plugin-scaffolder-backend versions prior to 2.1.1 a medium severity vulnerability CVE-2025-55285 was detected. Duplicate logging of input values in the fetch:template action could expose template secrets (e.g., ${{ secrets.x }}) in logs, leading to unintended disclosure, though there is no impact if such secrets are not passed through to fetch:template. To address this issue, users should upgrade scaffolder-backend plugin to versions 2.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55285.
Read more Developer Tools
In Liferay Portal versions 7.3.0 through 7.4.3.132 and Liferay DXP versions 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 a low severity vulnerability CVE-2025-3639 was detected. This vulnerability allows unauthenticated attackers with valid credentials to bypass multi-factor authentication (MFA) by changing the HTTP method from POST to GET during login. Currently, there is no fix version for this issue. For more details, visit CVE-2025-3639.
Read more CMS