In Mattermost versions 10.8.x up to 10.8.1, 10.7.x up to 10.7.3, 10.5.x up to 10.5.7 and 9.11.x up to 9.11.16, a medium severity vulnerability, CVE-2025-6233, was detected. This vulnerability allows system administrators to read arbitrary system files via path traversal, because file attachment paths in the bulk import JSONL file are not properly sanitized. To address this issue, users should upgrade Mattermost to versions 10.9.0, 10.8.2, 10.7.4, 10.5.8, 9.11.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6233.
Category: Communication

In Directus versions 9.12.0 and above, a medium severity vulnerability, CVE-2025-53889, was detected. This vulnerability allows attackers to execute manual trigger Flows without authentication or proper access rights, potentially performing unauthorized actions on behalf of a user. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53889.
Category: CMS

In Directus versions 9.0.0 and above, a medium severity vulnerability, CVE-2025-53887, was detected. This vulnerability allows attackers to obtain the exact Directus version via the unauthenticated /server/specs/oas endpoint, which can aid targeted exploitation of known vulnerabilities in that version. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53887.
Category: CMS

In Directus versions 9.0.0 and above, a medium severity vulnerability, CVE-2025-53886, was detected. This vulnerability allows malicious administrators to hijack user sessions by accessing sensitive data, such as access and refresh tokens, that is logged during Flow WebHook executions. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53886.
Category: CMS

In Directus versions 9.0.0 and above, a medium severity vulnerability, CVE-2025-53885, was detected. This vulnerability allows malicious administrators to log sensitive user data using the "Log to Console" operation within Flows triggered by user CRUD events. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53885.
Category: CMS

In Grafana versions prior to 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01, a medium severity vulnerability, CVE-2025-3415, was detected. This vulnerability allows users with the Viewer permission to access the Grafana Alerting DingDing integration, which was not properly protected. To address this issue, users should upgrade Grafana to versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 or 12.0.1+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3415.
Category: CMS

In Oracle MySQL Client versions 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0, a low severity vulnerability, CVE-2025-50081, was detected in the mysqldump component. This vulnerability allows a high-privileged attacker with network access, and requiring interaction from a user, to perform unauthorized updates, inserts or deletes of, or gain read access to, MySQL Client-accessible data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-50081.
Category: Database

In Oracle MySQL Server versions 8.0.0 through 8.0.42, a medium severity vulnerability, CVE-2025-53023, was detected in the Replication component. This vulnerability allows a high-privileged attacker with network access to cause a hang or repeatable crash of the MySQL Server, resulting in denial of service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53023.
Category: Database

In Oracle MySQL Server versions 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0, a medium severity vulnerability, CVE-2025-50087, was detected in the Optimizer component. This vulnerability allows a high-privileged attacker with network access to create, delete or modify critical data without authorization. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-50087.
Category: Database