Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    1 Jul 2025 Communication and Collaboration
    Mattermost: Information Disclosure in Mattermost Channels

    In Mattermost versions up to and including 10.5.5, 9.11.15, 10.6.5, 10.7.2, and 10.8.0 a medium severity vulnerability CVE-2025-47871 was detected. This vulnerability allows authenticated users who are playbook members but not channel members to access sensitive information about linked private channels, including channel name, display name, and participant count, through the run metadata API endpoint. To address this issue users must upgrade to versions 10.5.6, 9.11.16, 10.6.6, 10.7.3, or 10.8.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47871.

    Read more
    Communication
    30 Jun 2025 Communication and Collaboration
    Discourse: XSS Vulnerability via Social Logins without Content Security Policy

    In Discourse versions prior to 3.5.0.beta6 a high severity vulnerability CVE-2025-48954 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks when the content security policy is not enabled while using social logins. To address this issue, users should upgrade Discourse to versions 3.5.0.beta6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48954.

    Read more
    Communication
    30 Jun 2025 Infrastructure and Network
    authentik: RAC Session Token Misuse Allows Unauthorized Access via Shared URLs

    In authentik versions prior to 2025.4.3 and 2025.6.3 a medium severity vulnerability CVE-2025-52553 was detected. This vulnerability allows unauthorized users to reuse session tokens tied to RAC (Remote Access Component) endpoints by copying URLs containing these tokens, potentially accessing the same session during actions like screensharing. To address this issue, users should upgrade authentik to versions 2025.4.3 or 2025.6.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52553.

    Read more
    Security
    30 Jun 2025 Data Management and Analytics
    MongoDB: DoS Vulnerability via Malicious JSON in OIDC Authentication

    In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6709 was detected. This vulnerability allows attackers to trigger a denial of service by submitting specially crafted JSON input containing specific date values when using OIDC authentication. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6709.

    Read more
    Database
    30 Jun 2025 Data Management and Analytics
    MongoDB: JSON Parsing Stack Overflow Vulnerability

    In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6710 was detected. This vulnerability allows attackers to trigger a stack overflow by sending specially crafted JSON inputs that induce deep recursion during parsing, leading to server crashes. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6710.

    Read more
    Database
    30 Jun 2025 Data Management and Analytics
    MongoDB: Stale Privilege Execution Vulnerability

    In MongoDB Server versions prior to 5.0.31, 6.0.24, 7.0.21 and 8.0.5 a medium severity vulnerability CVE-2025-6707 was detected. This vulnerability allows authenticated users to execute requests with stale privileges under certain conditions, even after an authorized administrator has modified their access rights. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.24, 7.0.21 or 8.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6707.

    Read more
    Database
    27 Jun 2025 DevOps
    Gitlab: Unauthenticated File Upload in GitLab Public Projects

    In GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a medium severity vulnerability CVE-2025-1754 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to public projects via crafted API requests, potentially resulting in resource abuse and unauthorized content storage. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1754.

    Read more
    Developer Tools
    27 Jun 2025 DevOps
    Gitlab: Privilege Escalation via Role Modification in GitLab Project Access Requests

    In GitLab CE/EE versions from 17.3 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a low severity vulnerability CVE-2025-2938 was detected. This vulnerability allows authenticated users to gain elevated project privileges by requesting access to projects where role changes during the approval process could unintentionally grant higher permissions. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2938.

    Read more
    Developer Tools
    27 Jun 2025 DevOps
    GitLab: GraphQL Denial-of-Service Vulnerability via Crafted Requests

    In GitLab CE/EE versions from 10.7 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a medium severity vulnerability CVE-2025-3279 was detected. This vulnerability allows authenticated attackers to create a denial-of-service (DoS) condition by sending specially crafted GraphQL requests. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3279.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy