In OpenVPN versions 2.6.1 through 2.6.13 a high severity vulnerability CVE-2025-2704 was detected. This vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets during the early TLS-crypt-v2 handshake phase when OpenVPN is operating in server mode. To address this issue, users should upgrade OpenVPN to versions 2.6.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2704.
Read more Security
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.14 and 7.3.4 a low severity vulnerability CVE-2025-3082 was detected. This vulnerability allows an authorized user to alter the intended collation of a view, potentially enabling access to unintended underlying data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3082.
Read more Database
In Rancher versions up to 2.8.13, 2.9.7 and 2.10.3 a high severity vulnerability CVE-2025-23391 was detected. This vulnerability allows Restricted Administrators to change the passwords of Administrators without the necessary permissions, potentially leading to unauthorized access and account takeover. To address this issue, users should upgrade Rancher to versions 2.8.14, 2.9.8, 2.10.4 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21391.
Read more Developer Tools
In Apache Camel versions up to 4.10.2 and 4.8.5 a medium severity vulnerability CVE-2025-30177 was detected. This vulnerability allows attackers to inject Camel-specific headers into incoming requests due to a flaw in the custom header filter strategy, potentially altering the behavior of components such as camel-bean or camel-exec. To address this issue, users should upgrade to Apache Camel versions 4.10.3 or 4.8.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30177.
Read more Application Development
In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1219 was detected. This vulnerability allows incorrect parsing of documents or bypassing of validations due to the wrong content-type header being used to determine the charset during HTTP redirects. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1219.
Read more Web Development
In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1734 was detected. This vulnerability allows invalid headers, specifically those missing a colon (:), to be incorrectly treated as valid headers, potentially leading to unexpected behavior or security vulnerabilities such as header injection attacks. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1734.
Read more Web Development
In Drupal versions prior to 1.10.0 a low severity vulnerability CVE-2025-31694 was detected. This vulnerability allows attackers to bypass security measures within the Two-factor Authentication (TFA) module through forceful browsing, potentially granting unauthorized access to sensitive user data and administrative functionalities. To address this issue, users should upgrade Drupal TFA module to versions 1.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31694.
Read more CMS
In Drupal versions 8.0.0 to 10.3.12, 10.4.0 to 10.4.2, 11.0.0 to 11.0.11 and 11.1.0 to 11.1.2 a high severity vulnerability CVE-2025-31674 was detected. This vulnerability allows attackers to perform object injection by improperly modifying dynamically-determined object attributes, which can lead to unauthorized access and manipulation of sensitive data. To address this issue, users should upgrade Drupal Core to versions 10.3.13, 10.4.3, 11.0.12, 11.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31674.
Read more CMS
In Drupal versions 8.0.0 to 10.3.13, 10.4.0 to 10.4.4, 11.0.0 to 11.0.12 and 11.1.0 to 11.1.4 a low severity vulnerability CVE-2025-31675 was detected. This vulnerability allows attackers to execute arbitrary JavaScript in the context of the user’s browser through improper neutralization of input during web page generation. This can lead to session hijacking, data theft, or website defacement. To address this issue, users should upgrade Drupal Core to versions 10.3.14, 10.4.5, 11.0.13, 11.1.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31675.
Read more CMS