Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    18 Jul 2025 Data Management and Analytics
    Grafana: Open Redirect Vulnerability Leading to XSS

    In Grafana versions from 11.5.0 a high severity vulnerability CVE-2025-6023 was detected. This vulnerability allows attackers to exploit an open redirect that can be chained with path traversal issues to perform cross-site scripting (XSS) attacks. To address this issue, users should upgrade Grafana to versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 or 11.3.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6023.

    Read more
    Data Analytics
    18 Jul 2025 Communication and Collaboration
    Mattermost: Path Traversal Vulnerability in Bulk Import JSONL File Attachment Paths

    In Mattermost versions 10.8.x up to 10.8.1, 10.7.x up to 10.7.3, 10.5.x up to 10.5.7 and 9.11.x up to 9.11.16 a medium severity vulnerability CVE-2025-6233 was detected. This vulnerability allows system administrators to read arbitrary system files via path traversal due to improper sanitization of file attachment input paths in the bulk import JSONL file. To address this issue, users should upgrade Mattermost to versions 10.9.0, 10.8.2, 10.7.4, 10.5.8, 9.11.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6233.

    Read more
    Communication
    18 Jul 2025 Communication and Collaboration
    Mattermost: Token Negotiation Flaw in Invite Acceptance Leading to Synchronization Payload Injection

    In Mattermost versions 10.5.x up to 10.5.7 and 9.11.x up to 9.11.16 a low severity vulnerability CVE-2025-6227 was detected. This vulnerability allows an attacker who intercepts both the invite and password to send synchronization payloads to the server via the REST API due to failure to negotiate a new token when accepting the invite. To address this issue, users should upgrade Mattermost to versions 10.9.0, 10.5.8, 9.11.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6227.

    Read more
    Communication
    18 Jul 2025 Communication and Collaboration
    Mattermost: Unauthorized Access to Private Channel Posts via PendingPostID Enumeration

    In Mattermost versions 10.5.x up to 10.5.6, 10.8.x up to 10.8.1, 10.7.x up to 10.7.3 and 9.11.x up to 9.11.16 a medium severity vulnerability CVE-2025-6226 was detected. This vulnerability allows authenticated users to read posts in private channels without proper access by guessing PendingPostIDs of recently created posts due to missing authorization checks. To address this issue, users should upgrade Mattermost to versions 10.9.0, 10.5.8, 9.11.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6226.

    Read more
    Communication
    17 Jul 2025 Business and Enterprise Solutions
    Directus: Improper Authorization in Manual Trigger Flows Allows Unauthorized Flow Execution

    In Directus versions 9.12.0 and above a medium severity vulnerability CVE-2025-53889 was detected. This vulnerability allows attackers to execute manual trigger Flows without authentication or proper access rights, potentially performing unauthorized actions on behalf of a user. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53889.

    Read more
    CMS
    17 Jul 2025 Business and Enterprise Solutions
    Directus: Version Disclosure via OpenAPI Spec Endpoint

    In Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53887 was detected. This vulnerability allows attackers to obtain the exact Directus version via the unauthenticated /server/specs/oas endpoint, potentially aiding in targeted exploitation using known vulnerabilities. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53887.

    Read more
    CMS
    17 Jul 2025 Business and Enterprise Solutions
    Directus: Token Exposure in Flow Webhook Logs

    In Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53886 was detected. This vulnerability allows malicious administrators to hijack user sessions by accessing sensitive data such as access and refresh tokens logged during Flow WebHook executions. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53886.

    Read more
    CMS
    17 Jul 2025 Business and Enterprise Solutions
    Directus: Exposure of Sensitive User Data via Console Logging in Flows

    In Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53885 was detected. This vulnerability allows malicious administrators to log sensitive user data using the “Log to Console” operation within Flows triggered by user CRUD events. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53885.

    Read more
    CMS
    17 Jul 2025 Business and Enterprise Solutions
    Grafana: Improper Access Control in DingDing Alerting Integration

    In Grafana versions prior to 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01 a medium severity vulnerability CVE-2025-3415 was detected. This vulnerability allows users with Viewer permission to access the Grafana Alerting DingDing integration, which was not properly protected. To address this issue, users should upgrade Grafana to versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 or 12.0.1+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3415.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}