In pgAdmin versions up to and including 9.9, a medium-severity vulnerability, CVE-2025-12763, was detected. It allows attackers to execute arbitrary system commands on Windows systems because the shell=True parameter is used improperly during backup and restore operations. By supplying specially crafted file paths, attackers can achieve command injection and gain unauthorized control of the affected system. To fix this vulnerability, upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12763.
Category: Database

In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-47932, was detected. It allows cross-site scripting (XSS) attacks when a dashboard is rendered via an AJAX call, because the input is not sanitized. To fix this vulnerability, upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47932.
Category: IT Business Management

In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-47773, was detected. It allows attackers to perform cross-site scripting (XSS) when a dashboard is edited via an AJAX call. To fix this vulnerability, upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47773.
Category: IT Business Management

In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-47286, was detected. It allows an administrator to execute arbitrary code on the server by editing the configuration of the iTop instance in the backup creation functionality. To fix this vulnerability, upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47286.
Category: IT Business Management

In GitHub Enterprise Server versions prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, and 3.14.19, a high-severity vulnerability, CVE-2025-11892, was detected. It allows DOM-based cross-site scripting (XSS) via the Issues search label filter, which could lead to privilege escalation and unauthorized workflow triggers when an attacker entices a user in sudo mode to click a crafted link. To fix this vulnerability, upgrade GitHub Enterprise Server to version 3.18.1, 3.17.7, 3.16.10, 3.15.14, or 3.14.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11892.
Category: Developer Tools

In GitHub Enterprise Server versions prior to 3.19, a high-severity vulnerability, CVE-2025-11578, was detected. It allows an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their SSH key to the root user's authorized keys, granting full root access. To fix this vulnerability, upgrade GitHub Enterprise Server to version 3.14.19, 3.15.14, 3.16.10, 3.17.7, 3.18.1, or 3.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11578.
Category: Developer Tools

In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-64167, was detected. It allows remote attackers to execute arbitrary JavaScript code when a user edits the URL parameter, because the input is not properly sanitized. To fix this vulnerability, upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64167.
Category: IT Business Management

In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-49145, was detected. It allows users with permission to create webhooks to trigger database deletion, because webhook callback signatures are insufficiently validated. To fix this vulnerability, upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49145.
Category: IT Business Management

In Combodo iTop versions on the 3.x branch prior to 3.2.2, a medium-severity vulnerability, CVE-2025-48878, was detected. It allows users with insufficient privileges to create a ModuleInstallation object because of an insecure direct object reference (IDOR). To fix this vulnerability, upgrade to iTop version 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48878.
Category: IT Business Management