[Developer Tools] In Rancher versions 2.7.0 before 2.7.16, 2.8.0 before 2.8.9 and 2.9.0 before 2.9.3, a critical severity vulnerability, CVE-2024-22036, was identified. It allows a malicious cluster or node driver to escape Rancher's chroot jail and gain root inside the Rancher container; in production deployments further privilege escalation depends on what is available inside that container, while in test environments it was possible to escape the container altogether and gain root on the host. To address this issue, upgrade Rancher to version 2.7.16, 2.8.9 or 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22036.
[CMS] In Liferay Portal versions 7.2.0 through 7.4.3.129 and Liferay DXP versions 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36 and 7.2 GA through fix pack 20, a medium severity vulnerability, CVE-2025-3760, was identified. It is a stored cross-site scripting (XSS) flaw: a remote authenticated attacker can inject arbitrary JavaScript into a page through a radio button type custom field, and the script then runs in the browser of every user who views that page. To address this issue, upgrade Liferay Portal to version 7.4.3.132 and Liferay DXP to version 2024.Q1.13, 2024.Q3.10 or 2025.Q1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3760.
[Communication] In Mattermost versions 10.5.x ≤ 10.5.1 and 9.11.x ≤ 9.11.9, a low severity vulnerability, CVE-2025-2424, was identified. Because file deletion is not properly validated, an attacker who knows the ID of a deleted file can still obtain its metadata by creating a bookmark that references it. To address this issue, upgrade Mattermost to version 10.5.2 or later for the 10.5.x series and 9.11.10 or later for the 9.11.x series. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2424.
[Communication] In Mattermost versions 10.4.x ≤ 10.4.2, 10.5.x ≤ 10.5.0 and 9.11.x ≤ 9.11.9, a low severity vulnerability, CVE-2025-31363, was identified. The AI plugin's Jira tool does not restrict the domains the LLM is allowed to request, so an authenticated user can plant a prompt injection that makes the tool fetch an attacker-chosen URL and thereby exfiltrate data from any server reachable by the victim. To address this issue, upgrade Mattermost to version 10.6.0, 10.4.3, 10.5.1, 9.11.10 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31363.
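The Mattermost entry above attributes the exfiltration to the AI plugin not restricting which domains the LLM-driven tool could contact. The Go program below is an added example, not Mattermost's code or its fix, of the kind of egress allowlist that closes that class of hole: every URL the model asks a tool to fetch is parsed and checked against a fixed set of permitted hosts before any request is made. The allowlist entry (`jira.example.com`), the function name `CheckToolURL` and the sample URLs are constructed for this example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedHosts is a constructed allowlist for this example: the only hosts an
// LLM-driven tool may fetch. A real deployment would load it from the
// integration's configuration (e.g. the Jira site an admin connected).
var allowedHosts = map[string]bool{
	"jira.example.com": true,
}

// CheckToolURL decides whether a URL that the model asked the tool to fetch may
// be requested. It returns nil when the request is permitted and an error that
// names the rejected property otherwise.
func CheckToolURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable url: %w", err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	// Reject embedded credentials: "https://jira.example.com@attacker.example/"
	// parses with the allowlisted name as user info, not as the host.
	if u.User != nil {
		return fmt.Errorf("userinfo not allowed")
	}
	// Normalise case and a trailing dot so "JIRA.example.com." matches.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	if host == "" {
		return fmt.Errorf("empty host")
	}
	// IP literals sidestep a name-based allowlist and are the usual way to reach
	// cloud metadata or internal services; require a DNS name.
	if net.ParseIP(host) != nil {
		return fmt.Errorf("ip literal %q not allowed", host)
	}
	// Only the default HTTPS port; a non-standard port is a different service.
	if p := u.Port(); p != "" && p != "443" {
		return fmt.Errorf("port %q not allowed", p)
	}
	if !allowedHosts[host] {
		return fmt.Errorf("host %q not in allowlist", host)
	}
	return nil
}

func main() {
	// Constructed sample requests a model might emit after a prompt injection.
	for _, raw := range []string{
		"https://jira.example.com/rest/api/2/issue/ABC-1",
		"https://attacker.example/collect?d=secret",
		"https://jira.example.com@attacker.example/",
		"https://169.254.169.254/latest/meta-data/",
	} {
		if err := CheckToolURL(raw); err != nil {
			fmt.Printf("DENY  %s: %v\n", raw, err)
		} else {
			fmt.Printf("ALLOW %s\n", raw)
		}
	}
}
```

Two points a practitioner should carry into a real implementation: apply the check to every redirect hop (configure the HTTP client not to follow redirects automatically and re-run `CheckToolURL` on each `Location`), and remember that a name-based allowlist still trusts DNS, so resolve the name and reject private or link-local addresses if the tool runs inside a network with internal services.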
[Communication] In Mattermost Plugin MS Teams versions <2.1.0 and Mattermost Server versions 10.5.x ≤ 10.5.1 with the MS Teams plugin enabled, a medium severity vulnerability, CVE-2025-27936, was identified. The plugin does not compare the incoming webhook secret in constant time, so the comparison returns faster the earlier the first wrong byte is; an attacker can measure that difference and recover the secret one byte at a time. To address this issue, upgrade Mattermost Plugin MS Teams to version 2.1.1 or Mattermost Server to version 10.6.0, 10.5.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27936.
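The root cause in the entry above is a comparison that stops at the first differing byte. The Go program below is an added example, not the MS Teams plugin's code, that makes the leak concrete: `leakedPrefixLength` stands in for the latency of such a comparison, `recoverWithOracle` recovers a constructed secret (`s3cret`) byte by byte from that signal, and `SecretMatches` shows the fix with `crypto/subtle`. All function names and the sample secret are this example's own.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// leakedPrefixLength models the timing signal behind a short-circuit comparison
// such as Go's == on strings or bytes.Equal: the loop walks only the equal
// leading bytes and exits at the first mismatch, so wall-clock time grows with
// the length of the correct prefix. Here the signal is exact; over a network
// it is noisy and an attacker averages many requests per candidate.
func leakedPrefixLength(guess, secret string) int {
	n := 0
	for i := 0; i < len(guess) && i < len(secret); i++ {
		if guess[i] != secret[i] {
			break
		}
		n++
	}
	return n
}

// secretMatchesVulnerable is the bug class from the advisory: == returns as
// soon as a byte differs, which is what leakedPrefixLength measures.
func secretMatchesVulnerable(provided, expected string) bool {
	return provided == expected
}

// recoverWithOracle exploits the leak one position at a time: it tries all 256
// values for the next byte and keeps the candidate whose comparison ran
// longest. The rest of each guess is zero padding, which cannot affect the
// result because it is only reached once the candidate byte is right.
func recoverWithOracle(secretLen int, oracle func(guess string) int) string {
	recovered := make([]byte, 0, secretLen)
	for pos := 0; pos < secretLen; pos++ {
		best, bestScore := byte(0), -1
		for b := 0; b < 256; b++ {
			guess := make([]byte, secretLen)
			copy(guess, recovered)
			guess[pos] = byte(b)
			if score := oracle(string(guess)); score > bestScore {
				best, bestScore = byte(b), score
			}
		}
		recovered = append(recovered, best)
	}
	return string(recovered)
}

// SecretMatches is the fix: hash both sides to a fixed length, then compare
// with crypto/subtle, which examines every byte regardless of where the first
// difference is. Hashing also stops the secret's length from leaking, since
// ConstantTimeCompare returns immediately when lengths differ and the digests
// are always the same size.
func SecretMatches(provided, expected string) bool {
	p := sha256.Sum256([]byte(provided))
	e := sha256.Sum256([]byte(expected))
	return subtle.ConstantTimeCompare(p[:], e[:]) == 1
}

func main() {
	const secret = "s3cret" // constructed sample secret for this example
	oracle := func(guess string) int { return leakedPrefixLength(guess, secret) }
	fmt.Printf("vulnerable compare accepts real secret: %v\n", secretMatchesVulnerable(secret, secret))
	fmt.Printf("recovered via timing oracle: %q\n", recoverWithOracle(len(secret), oracle))
	fmt.Printf("constant-time match: %v, mismatch: %v\n", SecretMatches("s3cret", secret), SecretMatches("s3cres", secret))
}
```

`hmac.Equal` is the same primitive for byte slices and is the idiomatic call when verifying a webhook's HMAC signature. The decisive property is not that the check is fast or slow but that its duration is independent of where the inputs differ.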
[Communication] In Mattermost versions 10.5.x ≤ 10.5.1, 10.4.x ≤ 10.4.3 and 9.11.x ≤ 9.11.9, a medium severity vulnerability, CVE-2025-27571, was identified. It allows authenticated users to read channel metadata from archived channels even when the "Allow Users to View Archived Channels" setting is disabled, so the setting does not enforce the restriction it describes. To address this issue, upgrade Mattermost to version 10.6.0, 10.5.2, 10.4.4, 9.11.10 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27571.
[Communication] In Mattermost versions 10.5.x ≤ 10.5.1, 10.4.x ≤ 10.4.3 and 9.11.x ≤ 9.11.9, a medium severity vulnerability, CVE-2025-2475, was identified. Because the session cache is not invalidated when a user account is converted to a bot, the account's old credentials still work for one further login after the conversion. To address this issue, upgrade Mattermost to version 10.6.0, 10.5.2, 10.4.4, 9.11.10 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2475.
[Communication] In SUSE Rancher versions 2.8.0 before 2.8.13, 2.9.0 before 2.9.7 and 2.10.0 before 2.10.3, a medium severity vulnerability, CVE-2025-23387, was identified. It allows unauthenticated attackers to list and delete CLI authentication tokens before the legitimate CLI client has retrieved them, which both exposes the tokens and lets an attacker deny the login. To address this issue, upgrade SUSE Rancher to version 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23387.
[Developer Tools] In SUSE Rancher versions 2.8.0 before 2.8.10 and 2.9.0 before 2.9.4, a medium severity vulnerability, CVE-2024-52282, was identified. Any user with GET access to the Rancher Manager Apps Catalog can read sensitive information stored in the Apps' values; the same values are also written to the audit log when the audit level is set to 2 or higher, so anyone with access to those logs sees them too. To address this issue, upgrade SUSE Rancher to version 2.8.10 or 2.9.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52282.