In Gitea versions before 1.21.8 a medium severity vulnerability CVE-2025-68943 was detected. This vulnerability allows attackers to discover users’ login times via the Explore/Users sorting functionality. To address this issue, users should upgrade Gitea to version 1.21.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68943.
Read more Developer Tools
In Gitea versions before 1.22.2 a medium severity vulnerability CVE-2025-68942 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) via the tag and branch search input box due to improper rendering of input as v-html instead of v-text. To address this issue, users should upgrade Gitea to version 1.22.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68942.
Read more Developer Tools
In Gitea versions before 1.22.3 a medium severity vulnerability CVE-2025-68941 was detected. This vulnerability allows attackers to bypass API token scope restrictions and access private resources when a token is limited to public resources. To address this issue, users should upgrade Gitea to version 1.22.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68941.
Read more Developer Tools
In MariaDB versions affected by CVE-2025-13699 a medium severity vulnerability was detected. This vulnerability allows remote attackers to execute arbitrary code via the mariadb-dump utility due to improper validation of user-supplied paths in view names, enabling directory traversal and code execution in the context of the current user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13699.
Read more Database
In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.1 and prior a medium severity vulnerability CVE-2025-68390 was detected. This vulnerability is caused by allocation of resources without limits or throttling (CWE-770), allowing an authenticated user with snapshot restore privileges to trigger excessive memory allocation through a crafted HTTP request, resulting in a denial of service (DoS). To address this issue, users should upgrade Elasticsearch to versions 8.19.8, 9.1.8 and 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68390.
Read more Data Analytics
In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.2 a medium severity vulnerability CVE-2025-68384 was detected. This vulnerability stems from allocation of resources without limits or throttling (CWE-770), allowing a low-privileged authenticated user to trigger excessive memory allocation by submitting oversized user settings data, resulting in a persistent denial of service (OOM crash). To address this issue, users should upgrade Elasticsearch to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68384.
Read more Data Analytics
In Calendar plugin for WordPress versions up to 1.3.16 a medium severity vulnerability CVE-2025-14548 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the ‘event_desc’ parameter, which execute when other users access the affected pages. To address this issue, users should upgrade Calendar plugin to versions 1.3.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14548.
Read more CMS
In LibreNMS versions prior to 25.12.0 a medium severity vulnerability CVE-2025-68614 was detected. This vulnerability allows attackers to inject arbitrary HTML or scripts via the Alert Rule API because alert rule names are not properly sanitized, leading to stored cross-site scripting (XSS) when the rules are viewed. To address this issue, users should upgrade LibreNMS to versions 25.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68614.
Read more Monitoring
In Mattermost versions 11.1.x ≤ 11.1.0, 11.0.x ≤ 11.0.5, 10.12.x ≤ 10.12.3 and 10.11.x ≤ 10.11.7 a medium severity vulnerability CVE-2025-64641 was detected. This vulnerability allows attackers to exfiltrate Jira issue data by crafting malicious post actions that abuse the share-issue-publicly endpoint, due to insufficient validation that such actions originate from the official Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64641.
Read more Communication