In SUSE Rancher versions before commits 2175e09, 6e30359 and c744f0b a high severity vulnerability CVE-2024-52280 was detected. This vulnerability allows users with generic permissions on a resource type to watch resources they are not explicitly authorized to access. To address this issue, users should upgrade SUSE Rancher to commits 2175e09 (main), 6e30359 (release/v2.9), c744f0b (release/v2.8) or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52280.
In Mattermost versions 10.5.x up to and including 10.5.1, 10.4.x up to and including 10.4.3, and 9.11.x up to and including 9.11.9 a medium severity vulnerability CVE-2025-32093 was detected. This vulnerability allows delegated granular administration users with the “Edit Other Users” permission to perform unauthorized modifications to system administrator accounts due to improper permission validation. To address this issue, users should upgrade Mattermost to versions 10.6.0, 10.5.2, 10.4.4, 9.11.10 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32093.
In Mattermost Mobile Apps versions 2.25.0 and prior a low severity vulnerability CVE-2025-30516 was detected. This vulnerability causes sessions to remain active during logout under certain conditions (e.g., poor connectivity), potentially allowing unauthorized users on shared devices to access sensitive information via continued mobile notifications. To address this issue, users should update Mattermost Mobile Apps to version 2.26.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30516.
In Mattermost versions 9.11.x up to and including 9.11.8 a low severity vulnerability CVE-2025-24866 was detected. This vulnerability allows users with delegated granular administration roles, who lack Compliance Monitoring access, to retrieve User Activity Logs via the /api/v4/audits endpoint. To address this issue, users should upgrade Mattermost to version 9.11.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24866.
In Metabase versions 52.x before 52.17.1, 53.x before 53.9.5 and 54.x before 54.1.5 a low severity vulnerability CVE-2025-32382 was detected. This vulnerability allows sensitive Snowflake connection credentials, including usernames and passwords, to be logged during connection migration due to improper purging of stale connection methods. To address this issue, users should upgrade Metabase to versions 52.17.1, 53.9.5 or 54.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32382.
In Rancher versions from 2.8.0 before 2.8.14, 2.9.0 before 2.9.8, 2.10.0 before 2.10.4 and prior to 2.11.0 a critical severity vulnerability CVE-2025-23391 was detected. This vulnerability allows a Restricted Administrator to change the passwords of full Administrators, potentially leading to account takeover. To address this issue, users should upgrade Rancher to versions 2.8.14, 2.9.8, 2.11.0 or 2.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23391.
In Rancher versions from 2.8.0 before 2.8.13, 2.9.0 before 2.9.7 and 2.10.0 before 2.10.3 a high severity vulnerability CVE-2025-23389 was detected. This vulnerability allows a local user to impersonate other identities through SAML Authentication during first login. To address this issue, users should upgrade Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23389.
In Rancher versions from 2.8.0 before 2.8.13, 2.9.0 before 2.9.7 and 2.10.0 before 2.10.3 a high severity vulnerability CVE-2025-23388 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow, potentially causing a denial of service. To address this issue, users should upgrade Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23388.
In GitLab CE/EE versions 17.9 before 17.9.6 and 17.10 before 17.10.4 a low severity vulnerability CVE-2025-2469 was detected. This vulnerability allows unauthenticated attackers to access runtime profiling data of a specific service. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.4, 17.9.6 or 17.8.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2469.