In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.1 and prior a medium severity vulnerability CVE-2025-68390 was detected. This vulnerability is caused by allocation of resources without limits or throttling (CWE-770), allowing an authenticated user with snapshot restore privileges to trigger excessive memory allocation through a crafted HTTP request, resulting in a denial of service (DoS). To address this issue, users should upgrade Elasticsearch to versions 8.19.8, 9.1.8 and 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68390.
Read more Data Analytics
In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.2 a medium severity vulnerability CVE-2025-68384 was detected. This vulnerability stems from allocation of resources without limits or throttling (CWE-770), allowing a low-privileged authenticated user to trigger excessive memory allocation by submitting oversized user settings data, resulting in a persistent denial of service (OOM crash). To address this issue, users should upgrade Elasticsearch to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68384.
Read more Data Analytics
In Calendar plugin for WordPress versions up to 1.3.16 a medium severity vulnerability CVE-2025-14548 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the ‘event_desc’ parameter, which execute when other users access the affected pages. To address this issue, users should upgrade Calendar plugin to versions 1.3.17 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14548.
Read more CMS
In LibreNMS versions prior to 25.12.0 a medium severity vulnerability CVE-2025-68614 was detected. This vulnerability allows attackers to inject arbitrary HTML or scripts via the Alert Rule API because alert rule names are not properly sanitized, leading to stored cross-site scripting (XSS) when the rules are viewed. To address this issue, users should upgrade LibreNMS to versions 25.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68614.
Read more Monitoring
In MariaDB versions affected by CVE-2025-13699 a medium severity vulnerability was detected. This vulnerability allows remote attackers to execute arbitrary code via the mariadb-dump utility due to improper validation of user-supplied paths in view names, enabling directory traversal and code execution in the context of the current user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13699.
Read more Database
In Mattermost versions 11.1.x ≤ 11.1.0, 11.0.x ≤ 11.0.5, 10.12.x ≤ 10.12.3 and 10.11.x ≤ 10.11.7 a medium severity vulnerability CVE-2025-64641 was detected. This vulnerability allows attackers to exfiltrate Jira issue data by crafting malicious post actions that abuse the share-issue-publicly endpoint, due to insufficient validation that such actions originate from the official Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64641.
Read more Communication
In Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 and Mattermost Jira plugin versions <=4.4.0 a medium severity vulnerability CVE-2025-14273 was detected. This vulnerability allows unauthenticated attackers to issue forged GET and POST requests to the Jira server by spoofing user IDs and injecting arbitrary issue key paths due to improper enforcement of authentication and path restrictions in the Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later and Mattermost Jira plugin to version 4.4.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14273.
Read more Communication
In Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3 and 10.11.x <= 10.11.7 a medium severity vulnerability CVE-2025-13767 was detected. This vulnerability allows attackers to read content and attachments from private channels without proper membership validation when using the Jira plugin. To address this issue, users should upgrade Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13767.
Read more Communication
In Forgejo versions prior to 13.0.2 (and 11 LTS prior to 11.0.7) a critical severity vulnerability CVE-2025-68937 was detected. This vulnerability allows attackers to write to unintended files and potentially gain shell access due to improper handling of out-of-repository symlink destinations in template repositories. To address this issue, users should upgrade Forgejo to version 13.0.2 or later, or 11.0.7 or later for the LTS branch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68937.
Read more Developer Tools