In MLflow versions prior to 3.1.0 a medium severity vulnerability CVE-2025-52967 was detected. This vulnerability is caused by the lack of `gateway_path` validation in the `gateway_proxy_handler`, which may allow attackers to manipulate request routing or access unintended resources. To address this issue, users should upgrade MLflow to versions 3.1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52967.
Read more Data Analytics
In Moodle versions 3.x through 3.11.18 a medium severity vulnerability CVE-2025-53021 was detected. This vulnerability allows unauthenticated attackers to hijack user sessions by obtaining and reusing the sesskey parameter within the OAuth2 login flow, resulting in full account takeover, and it affects only unsupported versions maintained by the developer. To address this issue, users should upgrade Moodle to versions 3.11.18 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53021.
Read more Educational
In Gogs versions prior to 0.13.3 a critical severity vulnerability CVE-2024-56731 was detected. This vulnerability allows unprivileged users to delete files under the .git directory and execute arbitrary commands with the privileges of the configured RUN_USER, enabling remote command execution and unauthorized modification of other users’ code hosted on the same instance. To address this issue, users should upgrade to versions 0.13.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56731.
Read more Developer Tools
In Kanboard versions prior to 1.2.46 a high severity vulnerability CVE-2025-52560 was detected. This vulnerability allows attackers to craft malicious password reset links by exploiting an unvalidated Host header when the application_url configuration is unset, potentially leading to account takeover. To address this issue, users should upgrade Kanboard to versions 1.2.46 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52560.
Read more Project Management
In GitLab EE versions from 16.0 before 16.3.6, from 16.4 before 16.4.2 and from 16.5 before 16.5.1 a low severity vulnerability CVE-2023-5600 was detected. This vulnerability allows unauthorized users to gain arbitrary access to the titles of private specific references through the service-desk custom email template. To address this issue, users should upgrade GitLab EE to versions 16.3.6, 16.4.2 or 16.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-5600.
Read more Developer Tools
In Mattermost versions 10.5.x (up to and including 10.5.5), 9.11.x (up to and including 9.11.15), 10.8.x (up to and including 10.8.0), 10.7.x (up to and including 10.7.2) and 10.6.x (up to and including 10.6.5) a high severity vulnerability CVE-2025-3228 was detected. This vulnerability arises from improper handling of requestor information in the playbooks handler for guest users, allowing attackers to gain unauthorized access to playbook runs and potentially expose sensitive operational data and workflows. To address this issue, users should upgrade Mattermost to versions 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3228.
Read more Communication
In Mattermost versions 10.5.x (up to 10.5.5), 9.11.x (up to 9.11.15), 10.8.x (up to 10.8.0), 10.7.x (up to 10.7.2) and 10.6.x (up to 10.6.5) a medium severity vulnerability CVE-2025-3227 was detected. This vulnerability allows authenticated users without the ‘Manage Channel Members’ permission to add or remove users from both public and private channels by manipulating playbook run participants, potentially leading to unauthorized access and data leakage. To address this issue, users should upgrade Mattermost to versions 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3227.
Read more Communication
In ClickHouse versions 25.7.1.557 a low severity vulnerability CVE-2025-52969 was detected. This vulnerability allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users and, if they can influence the script path used by the table engine, potentially escalate privileges and execute unauthorized code in the context of the ClickHouse server. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52969.
Read more Data Analytics
In Gogs versions 0.14.0+dev and prior a medium severity vulnerability CVE-2025-47943 was detected. This vulnerability allows attackers to execute arbitrary JavaScript in the user’s browser via a stored cross-site scripting (XSS) issue caused by the inclusion of a vulnerable pdfjs-1.4.20 component. To address this issue, users should upgrade Gogs to versions 0.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47943.
Read more Developer Tools