In Combodo iTop versions prior to 2.7.13 and 3.2.2, a high-severity vulnerability, CVE-2025-48065, was detected. This vulnerability allows reflected cross-site scripting (XSS) to occur when a form field containing an error renders attacker-controlled content back to the user. To fix this vulnerability, users should upgrade to iTop version 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48065.
In Combodo iTop versions prior to 3.2.2, a high-severity vulnerability, CVE-2025-48055, was detected. This vulnerability allows stored cross-site scripting (XSS) in the User Portal's browse brick, where user-supplied content could be rendered without proper sanitization. To fix this vulnerability, users should upgrade to iTop version 3.2.2 or 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48055.

In Nagios XI versions prior to 5.8.7, a medium-severity vulnerability, CVE-2021-47698, was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript in a victim's browser via the Core UI's Views URL handling, due to insufficient validation or escaping of user-supplied input in the `escape_string()` function. To address this issue, users should upgrade Nagios XI to version 5.8.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-47698.

In ZITADEL versions 4.0.0-rc.1 through 4.6.2, a high-severity vulnerability, CVE-2025-64431, was detected. This vulnerability allows authenticated users with specific administrator roles in one organization to access or modify organization-level data (such as name, domains, and metadata) of other organizations via an insecure direct object reference (IDOR) in the V2Beta API, leading to cross-tenant data tampering. To address this issue, users should upgrade ZITADEL to version 4.6.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64431.

In Nagios XI versions prior to 2024R1.1.3, a high-severity vulnerability, CVE-2024-13997, was detected. This vulnerability allows an authenticated administrator to leverage the Migrate Server feature to obtain root privileges on the underlying Nagios XI host, enabling full control of the operating system. To address this issue, users should upgrade Nagios XI to version 2024R1.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13997.

In Nagios XI versions prior to 2024R1.1.3, a high-severity vulnerability, CVE-2024-13998, was detected. This vulnerability allows authenticated users to access sensitive account information, including API keys and hashed passwords, that they should not have permission to view. Exposure of this data could lead to account compromise, abuse of API privileges, or offline password cracking. To address this issue, users should upgrade Nagios XI to version 2024R1.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13998.

In the Ovatheme Events Manager plugin for WordPress, versions up to and including 1.8.6, a medium-severity vulnerability, CVE-2025-7663, was detected. This vulnerability allows unauthenticated attackers to delete ticket files, download tickets, and perform other unauthorized actions due to missing capability checks in the `/class-ovaem-ajax.php` file. To address this issue, users should upgrade the Ovatheme Events Manager plugin to version 1.8.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7663.

In Kafka-UI versions 0.6.0 through 0.7.2, a high-severity vulnerability, CVE-2025-60536, was detected. This vulnerability in the Configure New Cluster interface allows attackers to cause a denial of service (DoS) by uploading a crafted configuration file. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60536.

In Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8, a critical-severity vulnerability, CVE-2025-64459, was identified. This vulnerability allows attackers to perform SQL injection by supplying a crafted dictionary as the `_connector` argument in QuerySet and Q objects. To fix this vulnerability, users should upgrade to Django 5.1.14, 4.2.26, or 5.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64459.