In Umbraco CMS versions prior to 4.7.1 a critical severity vulnerability CVE-2012-10054 was detected. This vulnerability allows attackers to upload and run malicious files on the website without needing to log in. To fix this issue, users should upgrade Umbraco CMS to version 4.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-10054.
Read more CMS
In Helm, all versions before 3.18.5 a medium severity vulnerability CVE-2025-55198 was detected. This vulnerability may cause Helm to panic due to incorrect YAML content in Chart.yaml and index.yaml files. To fix this issue, users should upgrade Helm to version 3.18.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55198.
In SuiteCRM version 7.14.6 a low severity vulnerability CVE-2025-54787 was detected. This vulnerability allows unauthenticated attackers to download files from the upload directory if the file is named by a valid ID, potentially exposing sensitive internal files. To address this issue, users should upgrade SuiteCRM to versions 7.14.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54787.
Read more CRM
In SuiteCRM versions 7.14.0 through 7.14.6 a medium severity vulnerability CVE-2025-54784 was detected. This vulnerability allows attackers to execute arbitrary actions as a logged-in user by sending a crafted email that triggers a Cross-Site Scripting (XSS) payload when viewed in the email viewer, potentially leading to data theft or full instance takeover. To address this issue, users should upgrade SuiteCRM to versions 7.14.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54784.
Read more CRM
In Kanboard versions prior to 1.2.47 a medium severity vulnerability CVE-2025-55011 was detected. This vulnerability allows attackers to write files anywhere on the system the application user controls due to missing validation of the task_id parameter and lack of path traversal checks in the createTaskFile API method. To address this issue users should upgrade Kanboard to version 1.2.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55011.
Read more Project Management
In Kanboard versions prior to 1.2.47 a critical severity vulnerability CVE-2025-55010 was detected. This vulnerability allows attackers with admin access to achieve remote code execution by exploiting unsafe deserialization in the ProjectEventActivityFormatter via the event[“data”] field in the project_activities table, potentially writing a web shell to the /plugins folder. To address this issue, users should upgrade Kanboard to version 1.2.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55010.
Read more Project Management
In Liferay Portal verions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43734 was detected. This vulnerability allows remote authenticated attackers to inject JavaScript code into the “first display label” field of a custom sort widget, which is then reflected and executed by the clay button taglib when the page is refreshed. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.11 or 2024.Q1.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43734.
Read more CMS
In Liferay Portal versions 7.4.0 through 7.4.3.131 and Liferay DXP versions 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 9 a medium severity vulnerability CVE-2025-43735 was detected. This vulnerability allows remote unauthenticated attackers to inject malicious JavaScript into the google_gadget component via reflected cross-site scripting (XSS). To address this issue, users should upgrade Liferay Portal to versions 7.4.3.132 and Liferay DXP to versions 2024.Q1.13 or 2025.Q1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43735.
Read more CMS
In Liferay Portal versions 7.4.3.0 through 7.4.3.132 and Liferay DXP versions 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43736 was detected. This vulnerability allows users to upload profile pictures exceeding the intended 300KB limit, potentially causing performance degradation and denial of service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.9 or 2024.Q1.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43736.
Read more CMS