Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    8 Sep 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting via Shortcode Debug Parameter in TablePress Plugin

    In TablePress plugin for WordPress versions up to and including 3.2 a medium severity vulnerability CVE-2025-9500 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘shortcode_debug’ parameter, which execute whenever a user accesses an injected page. To address this issue, users should upgrade TablePress plugin to versions 3.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9500.

    Read more
    CMS
    8 Sep 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting via oceanwp_library Shortcode in Ocean Extra Plugin

    In Ocean Extra plugin for WordPress versions up to and including 2.4.9 a medium severity vulnerability CVE-2025-9499 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘oceanwp_library’ shortcode, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Ocean Extra plugin to versions 2.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9499.

    Read more
    CMS
    5 Sep 2025 Business and Enterprise Solutions
    Liferay: DoS via Kaleo Forms Admin

    In Liferay Portal versions 7.0.0 through 7.4.3.4, and Liferay DXP versions 7.4 GA, 7.3 GA through update 27, and older unsupported versions a high severity vulnerability CVE-2025-43772 was detected. This vulnerability allows an attacker to consume system memory by saving request parameters in the portlet session, which leads to denial-of-service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.5 and Liferay DXP 7.4 update 1 or 7.3 update 28. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43772.

    Read more
    CMS
    5 Sep 2025 Business and Enterprise Solutions
    Mautic: User Enumeration via Login Timing

    In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9824 was detected. This vulnerability allows attackers to determine if a username exists by measuring login response times, potentially enabling brute-force attacks. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9824.

    Read more
    Marketing Automation
    5 Sep 2025 Communication and Collaboration
    PgAdmin: Cross-Origin Opener Policy Vulnerability

    In pgAdmin 4 versions 9.7 and below a high severity vulnerability CVE-2025-9636 was detected. This vulnerability allows an attacker to manipulate the OAuth flow, which could lead to unauthorised account access, account takeover, data breaches, and privilege escalation. Currently, there is no fix versions for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9636.

    Read more
    Communication
    5 Sep 2025 DevOps
    Argo CD: API Token Vulnerability

    In Argo CD versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1 a critical severity vulnerability CVE-2025-55190 was detected. This vulnerability allows an attacker to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint. To address this issue, users should upgrade Argo CD to versions 2.13.9, 2.14.16, 3.0.14 or 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55190.

    Read more
    Developer Tools
    5 Sep 2025 Business and Enterprise Solutions
    WordPress: CSRF Vulnerability in PopAd Plugin

    In PopAd plugin for WordPress versions up to and including 1.0.4 a medium severity vulnerability CVE-2025-9616 was detected. This vulnerability allows an unauthenticated attacker to reset cookie time settings via a forged request. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9616.

    Read more
    CMS
    4 Sep 2025 DevOps
    Rancher: Disclosure of Sensitive Data

    In Rancher versions 0.11.0 before 0.11.10, 0.12.0 before 0.12.6, and 0.13.0 before 0.13.1 a high severity vulnerability CVE-2024-52284 was detected. This vulnerability allows attackers with GET or LIST permissions to see Helm values that contain passwords or other secrets. To fix this issue, users should upgrade Rancher to versions 0.11.10, 0.12., or 0.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52284.

    Read more
    Developer Tools
    4 Sep 2025 Communication and Collaboration
    Rocket.Chat: Incorrect Authorization Leading to Information Disclosure

    In Rocket.Chat version 7.3.1 a low severity vulnerability CVE-2025-7974 was detected. This vulnerability allows remote attackers to disclose sensitive information without authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7974.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}