In Combodo iTop versions prior to 2.7.12, 3.1.2 and 3.2.0, a medium-severity vulnerability, CVE-2025-27139, was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks when the preferences page is opened. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.2, 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27139.
In Mastodon versions prior to 4.1.23, 4.2.16 and 4.3.4, a medium-severity vulnerability, CVE-2025-27399, was detected. This vulnerability allows unapproved users to view domain block reasons when the visibility is set to “To logged-in users,” potentially exposing sensitive moderation details. To address this issue, users should upgrade Mastodon to versions 4.1.23, 4.2.16 or 4.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27399.
In Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier, a low-severity vulnerability, CVE-2025-26531, was detected. This vulnerability arises from insufficient capability checks within the badge management system, allowing attackers to exploit an Insecure Direct Object Reference (IDOR) and disable arbitrary badges. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26531.
In Moodle version 4.5.0, a low-severity vulnerability, CVE-2025-26532, was detected. This vulnerability arises from insufficient checks in the glossary restoration process, allowing teachers to bypass trusttext configurations when restoring glossary entries. To address this issue, users should upgrade Moodle to version 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26532.
In Moodle versions from 4.3.0-beta to 4.5.0-beta, a high-severity vulnerability, CVE-2025-26533, was detected. This vulnerability arises from an SQL injection risk in the module list filter within the course search functionality, allowing attackers to manipulate SQL queries and potentially access sensitive data or compromise the system. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10, or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26533.
In Mattermost versions 9.11.x up to 9.11.6 and 10.4.x up to 10.4.1, a low-severity vulnerability, CVE-2025-1412, was detected. The issue allows users converted to bots to retain their previous permissions, potentially escalating privileges. To address this issue, users should upgrade Mattermost to version 9.11.7 or 10.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1412.
In Mattermost versions 10.4.x up to 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2 and 10.2.x up to 10.2.2, a critical-severity vulnerability, CVE-2025-20051, was detected. This vulnerability allows attackers to read arbitrary files on the system by exploiting improper input validation when patching and duplicating a board, specifically through duplicating a specially crafted block in Boards. To address this issue, users should upgrade Mattermost to versions 10.4.2 or later, 10.3.3 or later, 10.2.3 or later and 9.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20051.
In Moodle versions up to 4.5.2, a medium-severity vulnerability, CVE-2025-26526, was detected. This vulnerability compromises the integrity of response viewing and deletion in Separate Groups mode within the platform’s feedback module. To address this issue, users should upgrade Moodle to version 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26526.
In Moodle versions up to 4.5.2, a medium-severity vulnerability, CVE-2025-26527, was detected. This vulnerability arises from the improper handling of non-searchable tags, allowing users who should not have access to certain tags to still discover them through the tag search page or the tags block. To address this issue, users should upgrade Moodle to version 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26527.