Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    27 Jun 2025 DevOps
    GitLab: Incident Work Items Permission Bypass via API

    In GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a medium severity vulnerability CVE-2025-5315 was detected. This vulnerability allows authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypass UI-enforced role restrictions. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5315.

    Read more
    Developer Tools
    27 Jun 2025 DevOps
    GitLab: Compliance Framework Assignment Bypass via GraphQL

    In GitLab EE versions from 16.10 before 17.11.5, 18.0 before 18.0.3 and 18.1 before 18.1.1 a low severity vulnerability CVE-2025-5846 was detected. This vulnerability allows authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypass framework-specific permission checks. To address this issue, users should upgrade GitLab EE to versions 17.11.5, 18.0.3 or 18.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5846.

    Read more
    Developer Tools
    26 Jun 2025 Project and Agile Management
    Kanboard: Username Enumeration and Brute-Force Protection Bypass

    In Kanboard versions 1.2.45 and prior a medium severity vulnerability CVE-2025-52576 was detected. This vulnerability allows attackers to enumerate valid usernames and bypass IP-based brute-force protection mechanisms such as Fail2Ban or CAPTCHA by abusing trusted HTTP headers and analyzing login behavior. This puts user accounts at higher risk of credential stuffing and brute-force attacks. To address this issue, users should upgrade Kanboard to version 1.2.46. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52576.

    Read more
    Project Management
    26 Jun 2025 Business and Enterprise Solutions
    Umbraco: Password Policy Exposure via Anonymous Endpoint

    In Umbraco versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1 a medium severity vulnerability CVE-2025-49147 was detected. This vulnerability allows unauthenticated attackers to access limited information about the configured password requirements via an anonymous endpoint, which could aid brute-force attacks. To address this issue, users should upgrade Umbraco to versions 10.8.11 or 13.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49147.

    Read more
    CMS
    26 Jun 2025 Communication and Collaboration
    Discourse: Improper Post Visibility Restriction in Discourse Whisper Posts

    In Discourse versions prior to 3.4.6 (stable) and 3.5.0.beta8-dev (tests-passed) a medium severity vulnerability CVE-2025-49845 was detected. This vulnerability allows users to continue viewing their own whisper posts even after losing group-based permission to view such content. To address this issue, users should upgrade Discourse to versions 3.4.6 or later (stable), 3.5.0.beta8-dev (tests-passed). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49845.

    Read more
    Communication
    26 Jun 2025 Infrastructure and Network
    Vault: Uncontrolled Rekey Cancellation Leads to DoS

    In Vault Community and Vault Enterprise versions prior to 1.20.0 a low severity vulnerability CVE-2025-4656 was detected. This vulnerability allows Vault operators to trigger denial-of-service (DoS) conditions by cancelling rekey or recovery key operations without proper control. To address this issue, users should upgrade Vault Community Edition to versions 1.20.0, Vault Enterprise to versions 1.20.0, 1.19.6, 1.18.11, 1.17.17 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4656.

    Read more
    Security
    26 Jun 2025 Data Management and Analytics
    Kibana: Open Redirect and SSRF Vulnerability

    In Kibana versions up to and including 7.17.28, 8.0.0 up to and including 8.17.7, 8.18.0 up to and including 8.18.2 and 9.0.0 up to and including 9.0.2 a medium severity vulnerability CVE-2025-25012 was detected. This vulnerability allows attackers to redirect users to untrusted sites and potentially perform server-side request forgery (SSRF) via specially crafted URLs. To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3 or 9.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25012.

    Read more
    Data Analytics
    25 Jun 2025 DevOps
    Gogs: Remote Command Execution via Insufficient Patch

    In Gogs versions prior to 0.13.3 a critical severity vulnerability CVE-2024-56731 was detected. This vulnerability allows unprivileged users to delete files under the .git directory and execute arbitrary commands with the privileges of the configured RUN_USER, enabling remote command execution and unauthorized modification of other users’ code hosted on the same instance. To address this issue, users should upgrade to versions 0.13.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56731.

    Read more
    Developer Tools
    25 Jun 2025 Project and Agile Management
    Kanboard: Vulnerability Allows Account Takeover via Unvalidated Host Header in Password Reset Links

    In Kanboard versions prior to 1.2.46 a high severity vulnerability CVE-2025-52560 was detected. This vulnerability allows attackers to craft malicious password reset links by exploiting an unvalidated Host header when the application_url configuration is unset, potentially leading to account takeover. To address this issue, users should upgrade Kanboard to versions 1.2.46 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52560.

    Read more
    Project Management
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy