In Gitea versions prior to 1.20.1 a medium severity vulnerability CVE-2025-68946 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) by injecting forbidden URL schemes such as javascript: into links, which can then be executed in a victim’s browser. To address this issue, users should upgrade Gitea to version 1.20.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68946.
Read more Developer Tools
In Mattermost versions 10.11.x up to and including 10.11.5, 11.0.x up to and including 11.0.4, and 10.12.x up to and including 10.12.2 a medium severity vulnerability CVE-2025-13324 was detected. This vulnerability allows attackers who intercept invite tokens to reuse them after initial use, enabling unauthorized manipulation of channel memberships, including adding or removing users from private channels via a token replay attack. To address this issue, users should upgrade Mattermost to versions 11.1.0, 10.11.6, 11.0.5, 10.12.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13324.
Read more Communication
In Mattermost versions 11.0.x ≤ 11.0.4, 10.12.x ≤ 10.12.2, and 10.11.x ≤ 10.11.6 a medium severity vulnerability CVE-2025-12689 was detected. This vulnerability allows attackers to crash the Mattermost Calls plugin by sending malformed WebSocket requests that are not properly validated for UTF-8 encoding, resulting in a denial-of-service condition. To address this issue, users should upgrade Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12689.
Read more Communication
In Mattermost Desktop App versions prior to 6.0.0 a low severity vulnerability CVE-2025-13326 was detected. This vulnerability allows attackers to inherit macOS Transparency, Consent, and Control (TCC) permissions by copying the application binary to a temporary folder due to the Hardened Runtime not being enabled when the app is packaged for the Mac App Store. To address this issue, users should upgrade Mattermost Desktop App to version 6.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13326.
Read more Communication
In Mattermost Desktop App versions below 6.0.0 a low severity vulnerability CVE-2025-13321 was detected. This vulnerability allows attackers with access to a user’s system to gain access to potentially sensitive information by reading unsanitized application logs and data not cleared upon server deletion. To address this issue, users should upgrade Mattermost Desktop App to version 6.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13321.
Read more Communication
In Nagios XI versions prior to 2026R1.1 a high severity vulnerability CVE-2025-34288 was detected. This vulnerability allows attackers with local access to escalate privileges to root by abusing a sudo-executed maintenance script that includes a PHP file writable by a lower-privileged user, enabling malicious code injection and resulting in arbitrary code execution with root privileges when the script is run. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34288.
Read more Monitoring
In Mattermost versions 11.0.x up to and including 11.0.4, 10.12.x up to and including 10.12.2, 10.11.x up to and including 10.11.6, and Mattermost Calls versions up to and including 1.10.0 a medium severity vulnerability CVE-2025-62190 was detected. This vulnerability allows authenticated attackers to initiate calls and inject messages into channels or direct messages by exploiting missing CSRF protection on the Calls widget page via a malicious webpage or crafted link. To address this issue, users should upgrade Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or Mattermost Calls plugin to version 1.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62190.
Read more Communication
In Mattermost versions 10.11.x up to and including 10.11.6 and Mattermost GitHub plugin versions up to and including 2.4.0 a low severity vulnerability CVE-2025-13352 was detected. This vulnerability allows attackers to hijack the GitHub reaction forwarding feature by exploiting insufficient validation of the plugin bot identity, causing users to unknowingly add reactions to arbitrary GitHub objects via crafted notification posts. To address this issue, users should upgrade Mattermost to versions 11.1.0, 10.11.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13352.
Read more Communication
In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.7, from 9.0.0 up to and including 9.1.7, from 9.2.0 up to and including 9.2.1 a medium severity vulnerability CVE-2025-68386 was detected. This vulnerability is caused by improper authorization (CWE-285), allowing an authenticated attacker to escalate privileges by changing a document’s sharing type to “global” through a crafted HTTP request, even without the required permissions, thereby making the document visible to all users within the space. To address this issue, users should upgrade Kibana to versions 8.19.8, 9.1.8 and 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68386.
Read more Data Analytics