In Mattermost versions 10.11.x through 10.11.4 and 10.5.x through 10.5.12 a low severity vulnerability CVE-2025-13870 was identified. This vulnerability allows authenticated users to bypass permission validation when accessing files and subscribing to blocks in Boards. As a result, users can access files and subscribe to blocks on other boards they do not have permission to view. To address this issue, users should upgrade Mattermost to versions 10.11.5, 10.5.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13870.
Read more Communication
In Mautic versions 4.0 through 4.4.17, 5.0 through 5.2.8, and 6.0 through 6.0.6 a low critical vulnerability CVE-2025-13828 was detected. This vulnerability allows a non-privileged user without access to the Marketplace to install and uninstall arbitrary composer packages, even when the “enable composer based update” setting is disabled. This can lead to malicious code installation, enabling privilege escalation on the platform. To address this issue, users should upgrade Mautic to versions 4.4.18, 5.2.9, 6.0.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13828.
Read more Marketing Automation
In Mautic versions 4.0 through 4.4.17, 5.0 through 5.2.8, and 6.0 through 6.0.6 a high severity vulnerability CVE-2025-13827 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files via the GrapesJS Builder due to lack of file type restrictions. If the media folder is not properly restricted from executing files, this can lead to remote code execution. To address this issue, users should upgrade Mautic to versions 4.4.18, 5.2.9, 6.0.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13827.
Read more Marketing Automation
In Mattermost versions 11.0.x through 11.0.2, 10.12.x through 10.12.1, 10.11.x through 10.11.4, and 10.5.x through 10.5.12 a medium severity vulnerability CVE-2025-12756 was identified. The issue stems from insufficient permission validation in Boards when handling comment deletions, allowing an authenticated user with the editor role to delete comments created by other users. This can lead to unauthorized modification of project information and loss of important discussion history. To address this issue, users should upgrade Mattermost to versions 11.0.3, 10.12.2, 10.11.5, 10.5.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12756.
Read more Communication
In OpenVPN versions 2.7_alpha1 through 2.7_rc1 a critical severity vulnerability CVE-2025-12106 was identified. This vulnerability is caused by insufficient argument validation when parsing IP addresses, allowing an attacker to trigger a heap buffer over-read during processing. Successful exploitation could lead to application crashes or undefined behavior under specific conditions. To address this issue, users should upgrade OpenVPN to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12106.
Read more Security
In Zabbix versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49643 was detected. This vulnerability allows an authenticated user, including the Guest account, to trigger excessive CPU consumption on the web server by supplying specially crafted parameters to the /imgstore.php endpoint. Successful exploitation can lead to a denial-of-service condition, degrading the availability of the Zabbix frontend. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49643.
In Zabbix Agent builds for AIX versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49642 was detected. This vulnerability allows local users with write access to the /home/cecuser directory to hijack library loading, potentially leading to arbitrary code execution or privilege escalation. To address this issue, users should upgrade Zabbix Agent to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49642.
In Zabbix Frontend versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-27232 was detected. This vulnerability allows an authenticated Zabbix Super Admin to exploit the oauth.authorize action to read arbitrary files from the webserver, resulting in potential confidentiality loss. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27232.
Read more Monitoring
In Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin versions up to and including 4.95 a high severity vulnerability CVE-2025-7402 was detected. This vulnerability allows unauthenticated attackers to perform time-based SQL Injection via the ‘site_id’ parameter due to insufficient escaping and lack of proper preparation in the SQL query. Successful exploitation can lead to extraction of sensitive information from the database. To address this issue, users should upgrade the plugin to version 4.96 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7402.
Read more CMS