In Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3 and 10.11.x <= 10.11.7 a medium severity vulnerability CVE-2025-13767 was detected. This vulnerability allows attackers to read content and attachments from private channels without proper membership validation when using the Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13767.
Read more Communication
In Forgejo versions prior to 13.0.2 (and 11 LTS prior to 11.0.7) a critical severity vulnerability CVE-2025-68937 was detected. This vulnerability allows attackers to write to unintended files and potentially gain shell access due to improper handling of out-of-repository symlink destinations in template repositories. To address this issue, users should upgrade Forgejo to version 13.0.2 or later, or 11.0.7 or later for the LTS branch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68937.
Read more Developer Tools
In Gitea versions prior to 1.20.1 a medium severity vulnerability CVE-2025-68946 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) by injecting forbidden URL schemes such as javascript: into links, which can then be executed in a victim’s browser. To address this issue, users should upgrade Gitea to version 1.20.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68946.
Read more Developer Tools
In Mattermost versions 11.1.x ≤ 11.1.0, 11.0.x ≤ 11.0.5, 10.12.x ≤ 10.12.3 and 10.11.x ≤ 10.11.7 a medium severity vulnerability CVE-2025-64641 was detected. This vulnerability allows attackers to exfiltrate Jira issue data by crafting malicious post actions that abuse the share-issue-publicly endpoint, due to insufficient validation that such actions originate from the official Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64641.
Read more Communication
In Mattermost versions 10.11.x up to and including 10.11.5, 11.0.x up to and including 11.0.4, and 10.12.x up to and including 10.12.2 a medium severity vulnerability CVE-2025-13324 was detected. This vulnerability allows attackers who intercept invite tokens to reuse them after initial use, enabling unauthorized manipulation of channel memberships, including adding or removing users from private channels via a token replay attack. To address this issue, users should upgrade Mattermost to versions 11.1.0, 10.11.6, 11.0.5, 10.12.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13324.
Read more Communication
In Mattermost versions 11.0.x ≤ 11.0.4, 10.12.x ≤ 10.12.2, and 10.11.x ≤ 10.11.6 a medium severity vulnerability CVE-2025-12689 was detected. This vulnerability allows attackers to crash the Mattermost Calls plugin by sending malformed WebSocket requests that are not properly validated for UTF-8 encoding, resulting in a denial-of-service condition. To address this issue, users should upgrade Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12689.
Read more Communication
In Mattermost Desktop App versions prior to 6.0.0 a low severity vulnerability CVE-2025-13326 was detected. This vulnerability allows attackers to inherit macOS Transparency, Consent, and Control (TCC) permissions by copying the application binary to a temporary folder due to the Hardened Runtime not being enabled when the app is packaged for the Mac App Store. To address this issue, users should upgrade Mattermost Desktop App to version 6.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13326.
Read more Communication
In Mattermost Desktop App versions below 6.0.0 a low severity vulnerability CVE-2025-13321 was detected. This vulnerability allows attackers with access to a user’s system to gain access to potentially sensitive information by reading unsanitized application logs and data not cleared upon server deletion. To address this issue, users should upgrade Mattermost Desktop App to version 6.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13321.
Read more Communication
In Nagios XI versions prior to 2026R1.1 a high severity vulnerability CVE-2025-34288 was detected. This vulnerability allows attackers with local access to escalate privileges to root by abusing a sudo-executed maintenance script that includes a PHP file writable by a lower-privileged user, enabling malicious code injection and resulting in arbitrary code execution with root privileges when the script is run. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34288.
Read more Monitoring