In Mattermost versions 10.2.0 and earlier in 10.2.x, 9.11.5 and earlier in 9.11.x, 10.0.3 and earlier in 10.0.x, and 10.1.3 and earlier in 10.1.x a medium severity vulnerability CVE-2025-20621 was detected. This vulnerability allows attackers to crash the Mattermost web app by sending a post with attachments containing fields that cannot be converted to a String. To fix this issue, users should upgrade Mattermost to versions 10.2.1, 10.1.4, 10.0.4 and 9.11.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20621.
In Sentry versions starting from 21.12.0 before 24.12.1 a medium severity vulnerability CVE-2025-22146 was detected. This vulnerability allows attackers to exploit Sentry’s SAML SSO to crash the application by sending posts with improperly formatted attachments. To fix this issue, users should upgrade Sentry to version 25.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-22146.
In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.
In Zulip versions 10.0-dev after commit 50256f48314250978f521ef439cafa704e056539 a medium severity vulnerability CVE-2025-25195 was detected. This vulnerability allows attackers to view the names of private channels through improperly scoped inactivity notifications sent to all users in the organization. To address this issue, users should upgrade Zulip to 10.0-dev at commit 75be449d456d29fef27e9d1828bafa30174284b4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25195.
In Mattermost versions 9.11.x up to 9.11.6 a low severity vulnerability CVE-2025-0503 was detected. This vulnerability allows attackers to infer user IDs and other metadata from deleted DMs when manually marked as deleted in the database. To address this issue, users should upgrade Mattermost to version 10.4.0 or 9.11.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0503.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, 10.1.x up to and including 10.1.3 a medium severity vulnerability CVE-2025-20088 was detected. This vulnerability allows a malicious authenticated user to cause a crash by creating a malicious post with improperly validated post props. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20088.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, 10.1.x up to and including 10.1.3 a medium severity vulnerability CVE-2025-21088 was detected. This vulnerability allows an attacker to crash the frontend with crafted malicious input, because the style of proto supplied to an action’s style in post.props.attachments is improperly validated. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21088.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, 10.1.x up to and including 10.1.3 a medium severity vulnerability CVE-2025-20086 was detected. This vulnerability allows a malicious authenticated user to cause a crash by creating a malicious post with improperly validated post props. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20086.
In LibreNMS versions prior to 24.10.1 a medium severity vulnerability CVE-2025-23201 was detected. This vulnerability allows remote attackers to execute malicious scripts via the `/addhost` parameter `community`, leading to unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23201.