In Mattermost versions 11.0.x up to and including 11.0.4, 10.12.x up to and including 10.12.2, 10.11.x up to and including 10.11.6, and Mattermost Calls versions up to and including 1.10.0, a medium severity vulnerability, CVE-2025-62190, was detected. This vulnerability allows authenticated attackers to initiate calls and inject messages into channels or direct messages by exploiting missing CSRF protection on the Calls widget page via a malicious webpage or crafted link. To address this issue, users should upgrade Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or the Mattermost Calls plugin to version 1.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62190.
Category: Communication

In Mattermost versions 10.11.x up to and including 10.11.6 and Mattermost GitHub plugin versions up to and including 2.4.0, a low severity vulnerability, CVE-2025-13352, was detected. This vulnerability allows attackers to hijack the GitHub reaction forwarding feature by exploiting insufficient validation of the plugin bot identity, causing users to unknowingly add reactions to arbitrary GitHub objects via crafted notification posts. To address this issue, users should upgrade Mattermost to versions 11.1.0, 10.11.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13352.
Category: Communication

In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, and from 9.2.0 up to and including 9.2.2, a medium severity vulnerability, CVE-2025-68387, was detected. This vulnerability stems from improper input neutralization during web page generation (CWE-79) in a Vega AST evaluator function handler, allowing unauthenticated attackers to inject malicious scripts that are served to users' browsers and executed via cross-site scripting (XSS). To address this issue, users should upgrade Kibana to versions 8.19.9, 9.1.9 or 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68387.
Category: Data Analytics

In React Server Components versions 19.0.2, 19.1.3 and 19.2.2, a high severity vulnerability, CVE-2025-67779, was detected. This vulnerability stems from an incomplete fix for CVE-2025-55184 and allows unsafe deserialization of payloads from HTTP requests to Server Function endpoints, which can be exploited to trigger an infinite loop that hangs the server process and prevents future HTTP requests from being served. To address this issue, users should upgrade React to versions 19.0.3, 19.1.4 or 19.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67779.
Category: Application Development

In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.6, from 9.0.0 up to and including 9.1.6, and 9.2.0, a medium severity vulnerability, CVE-2025-68422, was detected. This vulnerability results from improper authorization (CWE-285) and allows an authenticated user to bypass intended permission restrictions via a crafted HTTP request, enabling access to the list of live queries without having the required "live queries - read" permission. To address this issue, users should upgrade Kibana to versions 8.19.7, 9.1.7 or 9.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68422.
Category: Data Analytics

In Filebeat versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, and from 9.2.0 up to and including 9.2.2, a medium severity vulnerability, CVE-2025-68383, was detected. This vulnerability stems from improper validation of a specified index, position, or offset in input (CWE-1285) within the Syslog parser and the Libbeat Dissect processor, allowing a user to trigger a buffer overflow and cause a denial of service (panic/crash) of the Filebeat process via a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration. To address this issue, users should upgrade Filebeat to versions 8.19.9, 9.1.9 or 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68383.
Category: Data Analytics

In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, and from 9.2.0 up to and including 9.2.2, a medium severity vulnerability, CVE-2025-68389, was detected. This vulnerability is caused by allocation of resources without limits or throttling (CWE-770), allowing a low-privileged authenticated attacker to trigger excessive resource consumption through a crafted HTTP request, resulting in a denial of service (DoS) of the Kibana process. To address this issue, users should upgrade Kibana to versions 8.19.9, 9.1.9 or 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68389.
Category: Data Analytics

In MongoDB Server versions before 8.0.16, 7.0.26, and 8.2.2, a low severity vulnerability, CVE-2025-14345, was detected. This vulnerability can cause temporary data inconsistencies in cross-shard transactions. To fix this issue, users should upgrade to MongoDB Server versions 8.0.16, 7.0.26 or 8.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14345.
Category: Database

In ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1, a medium severity vulnerability, CVE-2025-67717, was detected. This vulnerability allows authenticated users to view the total number of instance users via the totalResult field, regardless of their permissions, potentially disclosing sensitive information. To address this issue, users should upgrade to ZITADEL versions 3.4.5, 4.7.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67717.
Category: Developer Tools