In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior, a medium-severity vulnerability, CVE-2025-21522, was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.
Category: Database

In Node.js versions 20, 22 and 23, a high-severity vulnerability, CVE-2025-23090, was detected. This vulnerability allows attackers to exploit the `diagnostics_channel` utility to access internal worker threads, potentially reinstating their constructors for malicious use. There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23090.
Category: Application Development

In Zulip Server versions 7.0 and above, a medium-severity vulnerability, CVE-2024-56136, was detected. This vulnerability allows unauthenticated attackers to determine whether an email address is in use by a user on servers hosting multiple organizations. To address this issue, users should upgrade Zulip Server to version 9.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56136.
Category: Communication

In Elasticsearch versions up to 7.17.21 and up to 8.13.3, a medium-severity vulnerability, CVE-2024-43709, was detected. This vulnerability allows attackers to cause an OutOfMemoryError exception and crash the system by executing a specially crafted query using an SQL function. To address this issue, users should upgrade Elasticsearch to version 7.17.21 or 8.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43709.
Category: Data Analytics

In Kibana versions up to 7.17.23 and up to 8.14.2, a medium-severity vulnerability, CVE-2024-52973, was detected. This vulnerability allows users with read access to the Observability-Logs feature to crash the system by sending a specially crafted request to `/api/log_entries/summary`, due to a lack of resource limits or throttling. To address this issue, users should upgrade Kibana to version 7.17.23 or 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52973.
Category: Data Analytics

In Mattermost Mobile versions 2.22.0 and prior, a medium-severity vulnerability, CVE-2025-20072, was detected. This vulnerability allows attackers to crash the mobile app by supplying crafted malicious input to the style of proto in `post.props.attachments`. To address this issue, users should upgrade to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20072.
Category: Communication

In LibreNMS versions up to 24.10.1, a medium-severity vulnerability, CVE-2025-23200, was detected. This vulnerability allows attackers to inject malicious scripts into LibreNMS, which can then execute when viewed by a user, potentially leading to unauthorized actions or data exposure. To fix this issue, users should upgrade LibreNMS to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23200.
Category: Monitoring

In LibreNMS versions up to 24.10.1, a medium-severity vulnerability, CVE-2025-23198, was detected. This vulnerability allows attackers to insert malicious scripts, which execute when a user interacts with the page, potentially resulting in unauthorized actions. To fix this issue, users should upgrade LibreNMS to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23198.
Category: Monitoring

In Mattermost Mobile versions before 2.22.0, a medium-severity vulnerability, CVE-2025-20630, was detected. This vulnerability allows attackers to crash the Mattermost Mobile app by sending a post with attachments that contain fields that cannot be converted to a String. To fix this issue, users should upgrade Mattermost Mobile to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20630.
Category: Communication