In Mattermost versions up to and including 10.5.5, 9.11.15, 10.6.5, 10.7.2, and 10.8.0 a medium severity vulnerability CVE-2025-47871 was detected. This vulnerability allows authenticated users who are playbook members but not channel members to access sensitive information about linked private channels, including channel name, display name, and participant count, through the run metadata API endpoint. To address this issue users must upgrade to versions 10.5.6, 9.11.16, 10.6.6, 10.7.3, or 10.8.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47871.
Read more CommunicationIn Discourse versions prior to 3.5.0.beta6 a high severity vulnerability CVE-2025-48954 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks when the content security policy is not enabled while using social logins. To address this issue, users should upgrade Discourse to versions 3.5.0.beta6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48954.
Read more CommunicationIn authentik versions prior to 2025.4.3 and 2025.6.3 a medium severity vulnerability CVE-2025-52553 was detected. This vulnerability allows unauthorized users to reuse session tokens tied to RAC (Remote Access Component) endpoints by copying URLs containing these tokens, potentially accessing the same session during actions like screensharing. To address this issue, users should upgrade authentik to versions 2025.4.3 or 2025.6.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52553.
Read more SecurityIn MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6709 was detected. This vulnerability allows attackers to trigger a denial of service by submitting specially crafted JSON input containing specific date values when using OIDC authentication. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6709.
Read more DatabaseIn MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6710 was detected. This vulnerability allows attackers to trigger a stack overflow by sending specially crafted JSON inputs that induce deep recursion during parsing, leading to server crashes. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6710.
Read more DatabaseIn MongoDB Server versions prior to 5.0.31, 6.0.24, 7.0.21 and 8.0.5 a medium severity vulnerability CVE-2025-6707 was detected. This vulnerability allows authenticated users to execute requests with stale privileges under certain conditions, even after an authorized administrator has modified their access rights. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.24, 7.0.21 or 8.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6707.
Read more DatabaseIn GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a medium severity vulnerability CVE-2025-1754 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to public projects via crafted API requests, potentially resulting in resource abuse and unauthorized content storage. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1754.
Read more Developer ToolsIn GitLab CE/EE versions from 17.3 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a low severity vulnerability CVE-2025-2938 was detected. This vulnerability allows authenticated users to gain elevated project privileges by requesting access to projects where role changes during the approval process could unintentionally grant higher permissions. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2938.
Read more Developer ToolsIn GitLab CE/EE versions from 10.7 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a medium severity vulnerability CVE-2025-3279 was detected. This vulnerability allows authenticated attackers to create a denial-of-service (DoS) condition by sending specially crafted GraphQL requests. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3279.
Read more Developer Tools