In TablePress plugin for WordPress versions up to and including 3.2 a medium severity vulnerability CVE-2025-9500 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘shortcode_debug’ parameter, which execute whenever a user accesses an injected page. To address this issue, users should upgrade TablePress plugin to versions 3.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9500.
Read more CMSIn Ocean Extra plugin for WordPress versions up to and including 2.4.9 a medium severity vulnerability CVE-2025-9499 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘oceanwp_library’ shortcode, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Ocean Extra plugin to versions 2.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9499.
Read more CMSIn Liferay Portal versions 7.0.0 through 7.4.3.4, and Liferay DXP versions 7.4 GA, 7.3 GA through update 27, and older unsupported versions a high severity vulnerability CVE-2025-43772 was detected. This vulnerability allows an attacker to consume system memory by saving request parameters in the portlet session, which leads to denial-of-service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.5 and Liferay DXP 7.4 update 1 or 7.3 update 28. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43772.
Read more CMSIn Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9824 was detected. This vulnerability allows attackers to determine if a username exists by measuring login response times, potentially enabling brute-force attacks. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9824.
Read more Marketing AutomationIn pgAdmin 4 versions 9.7 and below a high severity vulnerability CVE-2025-9636 was detected. This vulnerability allows an attacker to manipulate the OAuth flow, which could lead to unauthorised account access, account takeover, data breaches, and privilege escalation. Currently, there is no fix versions for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9636.
Read more CommunicationIn Argo CD versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1 a critical severity vulnerability CVE-2025-55190 was detected. This vulnerability allows an attacker to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint. To address this issue, users should upgrade Argo CD to versions 2.13.9, 2.14.16, 3.0.14 or 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55190.
Read more Developer ToolsIn PopAd plugin for WordPress versions up to and including 1.0.4 a medium severity vulnerability CVE-2025-9616 was detected. This vulnerability allows an unauthenticated attacker to reset cookie time settings via a forged request. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9616.
Read more CMSIn Rancher versions 0.11.0 before 0.11.10, 0.12.0 before 0.12.6, and 0.13.0 before 0.13.1 a high severity vulnerability CVE-2024-52284 was detected. This vulnerability allows attackers with GET or LIST permissions to see Helm values that contain passwords or other secrets. To fix this issue, users should upgrade Rancher to versions 0.11.10, 0.12., or 0.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52284.
Read more Developer ToolsIn Rocket.Chat version 7.3.1 a low severity vulnerability CVE-2025-7974 was detected. This vulnerability allows remote attackers to disclose sensitive information without authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7974.
Read more Communication