In Apache Superset versions through 4.1.1 a medium severity vulnerability CVE-2025-27696 was detected. This vulnerability allows authenticated users with read permissions to take ownership of dashboards, charts, or datasets. To address this issue, users should upgrade Apache Superset to versions 4.1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27696.
Read more Data Analytics
In Apache ActiveMQ versions from 6.0.0 before 6.1.6, 5.18.0 before 5.18.7, 5.17.0 before 5.17.7 and before 5.16.8 a medium severity vulnerability CVE-2025-27533 was detected. This vulnerability allows attackers to trigger excessive memory allocation during unmarshalling of OpenWire commands, leading to a denial of service (DoS). To address this issue, users should upgrade Apache ActiveMQ to versions 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7 or 5.16.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27533.
Read more Developer Tools
In Apache Tomcat versions from 9.0.76 through 9.0.102, 10.1.10 through 10.1.39 and 11.0.0-M2 through 11.0.5 a high severity vulnerability CVE-2025-31650 was detected. This vulnerability allows improper input validation of HTTP priority headers, leading to memory leaks and potential denial of service (DoS) due to an OutOfMemoryException. To address this issue, users should upgrade Apache Tomcat to versions 9.0.104, 10.1.40 or 11.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31650.
Read more Application Development
In Frontend Dashboard plugin for WordPress versions 1.0 to 2.2.7 a high severity vulnerability CVE-2025-4474 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to escalate privileges by overwriting the plugin’s ‘register’ role setting, making new user registrations default to the administrator role. To address this issue, users should upgrade Frontend Dashboard plugin to versions 2.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4474.
Read more CMS
In Kanboard versions 1.2.26 through 1.2.44 a low severity vulnerability CVE-2025-46825 was detected. This vulnerability allows attackers to inject malicious scripts via the `name` parameter in the project creation form, potentially executing them in web pages viewed by other users if content security policies are misconfigured. To address this issue, users should upgrade Kanboard to versions 1.2.45. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46825.
Read more Project Management
In TheGem theme for WordPress versions up to and including 5.10.3 a medium severity vulnerability CVE-2025-4339 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to modify arbitrary theme options due to a missing capability check on the ajaxApi() function. To address this issue, users should upgrade TheGem theme to versions 5.10.3.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4339.
Read more CMS
In Newsletters plugin for WordPress versions up to and including 4.9.9.8 a medium severity vulnerability CVE-2025-3107 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform time-based SQL Injection via the ‘orderby’ parameter, enabling them to extract sensitive information from the database. To address this issue, users should upgrade Newsletters plugin to versions 4.9.9.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3107.
Read more CMS
In Firelight Lightbox plugin for WordPress versions prior to 2.3.15 a medium severity vulnerability CVE-2025-3597 was detected. This vulnerability lets authenticated users with post-writing access run harmful JavaScript when the jQuery Metadata feature is enabled, even in the free version of the plugin. To address this issue, users should upgrade Firelight Lightbox plugin to versions 2.3.15 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3597.
Read more CMS
In GitLab CE/EE versions 12.0 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2025-1278 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1278.
Read more Developer Tools