In Nagios XI versions prior to 2026R1.1 a high severity vulnerability CVE-2025-34288 was detected. This vulnerability allows attackers with local access to escalate privileges to root by abusing a sudo-executed maintenance script that includes a PHP file writable by a lower-privileged user, enabling malicious code injection and resulting in arbitrary code execution with root privileges when the script is run. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34288.
Read more MonitoringIn Mattermost versions 11.0.x up to and including 11.0.4, 10.12.x up to and including 10.12.2, 10.11.x up to and including 10.11.6, and Mattermost Calls versions up to and including 1.10.0 a medium severity vulnerability CVE-2025-62190 was detected. This vulnerability allows authenticated attackers to initiate calls and inject messages into channels or direct messages by exploiting missing CSRF protection on the Calls widget page via a malicious webpage or crafted link. To address this issue, users should upgrade Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or Mattermost Calls plugin to version 1.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62190.
Read more CommunicationIn Mattermost versions 10.11.x up to and including 10.11.6 and Mattermost GitHub plugin versions up to and including 2.4.0 a low severity vulnerability CVE-2025-13352 was detected. This vulnerability allows attackers to hijack the GitHub reaction forwarding feature by exploiting insufficient validation of the plugin bot identity, causing users to unknowingly add reactions to arbitrary GitHub objects via crafted notification posts. To address this issue, users should upgrade Mattermost to versions 11.1.0, 10.11.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13352.
Read more CommunicationIn Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.7, from 9.0.0 up to and including 9.1.7, from 9.2.0 up to and including 9.2.1 a medium severity vulnerability CVE-2025-68386 was detected. This vulnerability is caused by improper authorization (CWE-285), allowing an authenticated attacker to escalate privileges by changing a document’s sharing type to “global” through a crafted HTTP request, even without the required permissions, thereby making the document visible to all users within the space. To address this issue, users should upgrade Kibana to versions 8.19.8, 9.1.8 and 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68386.
Read more Data AnalyticsIn Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, from 9.2.0 up to and including 9.2.2 a high severity vulnerability CVE-2025-68385 was detected. This vulnerability allows authenticated attackers to perform cross-site scripting (XSS) by embedding malicious scripts into content served to users’ web browsers, due to improper neutralization of input during web page generation in a Vega method that bypasses a previous XSS mitigation. To address this issue, users should upgrade Kibana to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68385.
Read more Data AnalyticsIn Mattermost versions 10.11.x up to and including 10.11. a low severity vulnerability CVE-2025-62690 was detected. This vulnerability allows attackers to redirect victims to malicious websites by abusing improper validation of redirect URLs on the /error page through a crafted link opened in a new tab. To address this issue, users should upgrade Mattermost to version 11.1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62690.
Read more CommunicationIn React Server Components versions 19.0.2, 19.1.3 and 19.2.2 a high severity vulnerability CVE-2025-67779 was detected. This vulnerability stems from an incomplete fix for CVE-2025-55184 and allows unsafe deserialization of payloads from HTTP requests to Server Function endpoints, which can be exploited to trigger an infinite loop that hangs the server process and prevents future HTTP requests from being served. To address this issue, users should upgrade React to versions 19.0.3, 19.1.4 or 19.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67779.
Read more Application DevelopmentIn Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.6, from 9.0.0 up to and including 9.1.6, and 9.2.0 a medium severity vulnerability CVE-2025-68422 was detected. This vulnerability results from improper authorization (CWE-285) and allows an authenticated user to bypass intended permission restrictions via a crafted HTTP request, enabling access to the list of live queries without having the required live queries – read permission. To address this issue, users should upgrade Kibana to versions 8.19.7, 9.1.7 and 9.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68422.
Read more Data AnalyticsIn Filebeat versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, from 9.2.0 up to and including 9.2.2 a medium severity vulnerability CVE-2025-68383 was detected. This vulnerability stems from improper validation of specified index, position, or offset in input (CWE-1285) within the Syslog parser and the Libbeat Dissect processor, allowing a user to trigger a buffer overflow and cause a denial-of-service (panic/crash) of the Filebeat process via a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration. To address this issue, users should upgrade Filebeat to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68383.
Read more Data Analytics