Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    3 Dec 2025 Business and Enterprise Solutions
    Mautic: Unrestricted File Upload in GrapesJS Builder Plugin

    In Mautic versions 4.0 through 4.4.17, 5.0 through 5.2.8, and 6.0 through 6.0.6 a high severity vulnerability CVE-2025-13827 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files via the GrapesJS Builder due to lack of file type restrictions. If the media folder is not properly restricted from executing files, this can lead to remote code execution. To address this issue, users should upgrade Mautic to versions 4.4.18, 5.2.9, 6.0.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13827.

    Read more
    Marketing Automation
    3 Dec 2025 DevOps
    Django: Denial of Service via XML Serializer Text Extraction

    In Django versions 4.2 through 4.2.26, 5.1 through 5.1.14, and 5.2 through 5.2.8 a high severity vulnerability CVE-2025-64460 was identified. This vulnerability stems from algorithmic complexity in the XML serializer’s getInnerText() function, which allows a remote attacker to cause a denial of service via CPU and memory exhaustion by submitting specially crafted XML input. To address this issue, users should upgrade Django to versions 4.2.27, 5.1.15, 5.2.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64460.

    Read more
    Application Development
    3 Dec 2025 DevOps
    Django: SQL Injection in FilteredRelation Column Aliases on PostgreSQL

    In Django versions 4.2 through 4.2.26, 5.1 through 5.1.14, and 5.2 through 5.2.8 a medium severity vulnerability CVE-2025-13372 was identified. This vulnerability allows SQL injection in the FilteredRelation column aliases when using a specially crafted dictionary with dictionary expansion as **kwargs passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. This can lead to unauthorized data access or modification. To address this issue, users should upgrade Django to versions 4.2.27, 5.1.15, 5.2.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13372.

    Read more
    Application Development
    2 Dec 2025 Communication and Collaboration
    Mattermost: Insufficient Permission Validation Allows Unauthorized Comment Deletion

    In Mattermost versions 11.0.x through 11.0.2, 10.12.x through 10.12.1, 10.11.x through 10.11.4, and 10.5.x through 10.5.12 a medium severity vulnerability CVE-2025-12756 was identified. The issue stems from insufficient permission validation in Boards when handling comment deletions, allowing an authenticated user with the editor role to delete comments created by other users. This can lead to unauthorized modification of project information and loss of important discussion history. To address this issue, users should upgrade Mattermost to versions 11.0.3, 10.12.2, 10.11.5, 10.5.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12756.

    Read more
    Communication
    2 Dec 2025 Infrastructure and Network
    OpenVPN: Heap Buffer Over-Read via Insufficient IP Address Validation

    In OpenVPN versions 2.7_alpha1 through 2.7_rc1 a critical severity vulnerability CVE-2025-12106 was identified. This vulnerability is caused by insufficient argument validation when parsing IP addresses, allowing an attacker to trigger a heap buffer over-read during processing. Successful exploitation could lead to application crashes or undefined behavior under specific conditions. To address this issue, users should upgrade OpenVPN to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12106.

    Read more
    Security
    2 Dec 2025 DevOps
    Zabbix: Frontend DoS via Asymmetric Resource Consumption

    In Zabbix versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49643 was detected. This vulnerability allows an authenticated user, including the Guest account, to trigger excessive CPU consumption on the web server by supplying specially crafted parameters to the /imgstore.php endpoint. Successful exploitation can lead to a denial-of-service condition, degrading the availability of the Zabbix frontend. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49643.

    Read more
    Monitoring
    2 Dec 2025 DevOps
    Zabbix: Library Loading Hijacking Vulnerability in AIX Agent Builds

    In Zabbix Agent builds for AIX versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49642 was detected. This vulnerability allows local users with write access to the /home/cecuser directory to hijack library loading, potentially leading to arbitrary code execution or privilege escalation. To address this issue, users should upgrade Zabbix Agent to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49642.

    Read more
    Monitoring
    2 Dec 2025 DevOps
    Zabbix: Arbitrary File Read via oauth.authorize Action

    In Zabbix Frontend versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-27232 was detected. This vulnerability allows an authenticated Zabbix Super Admin to exploit the oauth.authorize action to read arbitrary files from the webserver, resulting in potential confidentiality loss. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27232.

    Read more
    Monitoring
    1 Dec 2025 Business and Enterprise Solutions
    WordPress: Remote Code Execution in Sneeit Framework Plugin

    In Sneeit Framework plugin for WordPress versions up to and including 8.3 a critical severity vulnerability CVE-2025-6389 was detected. This vulnerability allows unauthenticated attackers to achieve Remote Code Execution through the sneeit_articles_pagination_callback() function, which processes untrusted user input and passes it to call_user_func(). Successful exploitation enables attackers to execute arbitrary code on the server, potentially leading to backdoor injection or creation of new administrative accounts. To address this issue, users should upgrade the plugin to version 8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6389.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}