In Mattermost versions prior to 11 a medium severity vulnerability CVE-2025-55070 was identified. This vulnerability allows unauthenticated users to bypass multi-factor authentication enforcement on WebSocket connections, potentially leading to unauthorized access to sensitive information via WebSocket events. To fix this vulnerability, users should upgrade Mattermost to version 11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55070.
Read more Communication
In Mattermost versions prior to 11.0 a low severity vulnerability CVE-2025-41436 was identified. This vulnerability allows regular users to bypass the “Allow users to view archived channels” setting and access archived channel content and files via the “Open in Channel” functionality from followed threads. To fix this vulnerability, users should upgrade Mattermost to version 11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41436.
Read more Communication
In PostgreSQL versions before 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 a medium severity vulnerability CVE‑2025‑12818 was discovered in the libpq client library. An integer wraparound issue in multiple libpq functions can cause undersized memory allocations and out-of-bounds writes by hundreds of megabytes. This flaw can lead to application crashes due to segmentation faults and potential memory corruption. To fix this vulnerability, users should upgrade to PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, or 13.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12818.
Read more Database
In PostgreSQL versions before 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 a low severity vulnerability CVE‑2025‑12817 was found in the CREATE STATISTICS command. Missing schema CREATE privilege checks allow a table owner to cause denial of service against other CREATE STATISTICS users by creating statistics in any schema, causing later CREATE STATISTICS commands with the same name by authorized users to fail. To fix this vulnerability, users should upgrade to PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, or 13.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12817.
Read more Database
In Mattermost versions 10.11.0 through 10.11.3, 10.5.0 through 10.5.11, and 10.12.0 a medium severity vulnerability CVE-2025-55073 was identified in the MS Teams plugin OAuth flow. The plugin fails to properly validate the relationship between the post being updated and the OAuth authorization redirect, allowing an attacker to craft a malicious MSTeams plugin OAuth redirect URL and edit arbitrary posts. To fix this vulnerability, users should upgrade Mattermost to versions 11.0.0, 10.11.4, 10.5.12, or 10.12.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55073.
Read more Communication
In Kibana versions 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, and 9.2.0 a medium severity vulnerability CVE-2025-37734 was detected. This vulnerability allows remote attackers to perform Server-Side Request Forgery (SSRF) via a forged Origin HTTP header processed by the Observability AI Assistant. To fix this vulnerability, users should upgrade Kibana to versions 8.19.7, 9.1.7, or 9.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37734.
Read more Data Analytics
In pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12765 was detected. This vulnerability allows attackers to bypass TLS certificate verification in the LDAP authentication flow, potentially enabling unauthorized access through a man-in-the-middle attack. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12765.
Read more Database
In pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12764 was detected. This vulnerability allows attackers to perform LDAP injection by supplying specially crafted usernames containing LDAP control characters. Successful exploitation can cause the LDAP server and client to process excessive data, potentially leading to a denial of service (DoS). To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12764.
Read more Database
In pgAdmin versions up to and including 9.9 a medium severity vulnerability CVE-2025-12763 was detected. This vulnerability allows attackers to execute arbitrary system commands on Windows systems due to improper use of the shell=True parameter during backup and restore operations. By supplying specially crafted file paths, attackers can achieve command injection and gain unauthorized control of the affected system. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12763.
Read more Database