In Mautic versions 4.0 through 4.4.17, 5.0 through 5.2.8, and 6.0 through 6.0.6 a high severity vulnerability CVE-2025-13827 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files via the GrapesJS Builder due to lack of file type restrictions. If the media folder is not properly restricted from executing files, this can lead to remote code execution. To address this issue, users should upgrade Mautic to versions 4.4.18, 5.2.9, 6.0.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13827.
Read more Marketing AutomationIn Django versions 4.2 through 4.2.26, 5.1 through 5.1.14, and 5.2 through 5.2.8 a high severity vulnerability CVE-2025-64460 was identified. This vulnerability stems from algorithmic complexity in the XML serializer’s getInnerText() function, which allows a remote attacker to cause a denial of service via CPU and memory exhaustion by submitting specially crafted XML input. To address this issue, users should upgrade Django to versions 4.2.27, 5.1.15, 5.2.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64460.
Read more Application DevelopmentIn Django versions 4.2 through 4.2.26, 5.1 through 5.1.14, and 5.2 through 5.2.8 a medium severity vulnerability CVE-2025-13372 was identified. This vulnerability allows SQL injection in the FilteredRelation column aliases when using a specially crafted dictionary with dictionary expansion as **kwargs passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. This can lead to unauthorized data access or modification. To address this issue, users should upgrade Django to versions 4.2.27, 5.1.15, 5.2.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13372.
Read more Application DevelopmentIn Mattermost versions 11.0.x through 11.0.2, 10.12.x through 10.12.1, 10.11.x through 10.11.4, and 10.5.x through 10.5.12 a medium severity vulnerability CVE-2025-12756 was identified. The issue stems from insufficient permission validation in Boards when handling comment deletions, allowing an authenticated user with the editor role to delete comments created by other users. This can lead to unauthorized modification of project information and loss of important discussion history. To address this issue, users should upgrade Mattermost to versions 11.0.3, 10.12.2, 10.11.5, 10.5.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12756.
Read more CommunicationIn OpenVPN versions 2.7_alpha1 through 2.7_rc1 a critical severity vulnerability CVE-2025-12106 was identified. This vulnerability is caused by insufficient argument validation when parsing IP addresses, allowing an attacker to trigger a heap buffer over-read during processing. Successful exploitation could lead to application crashes or undefined behavior under specific conditions. To address this issue, users should upgrade OpenVPN to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12106.
Read more SecurityIn Zabbix versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49643 was detected. This vulnerability allows an authenticated user, including the Guest account, to trigger excessive CPU consumption on the web server by supplying specially crafted parameters to the /imgstore.php endpoint. Successful exploitation can lead to a denial-of-service condition, degrading the availability of the Zabbix frontend. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49643.
In Zabbix Agent builds for AIX versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-49642 was detected. This vulnerability allows local users with write access to the /home/cecuser directory to hijack library loading, potentially leading to arbitrary code execution or privilege escalation. To address this issue, users should upgrade Zabbix Agent to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49642.
In Zabbix Frontend versions up to and including 7.0.5 and 6.4.15 a medium severity vulnerability CVE-2025-27232 was detected. This vulnerability allows an authenticated Zabbix Super Admin to exploit the oauth.authorize action to read arbitrary files from the webserver, resulting in potential confidentiality loss. To address this issue, users should upgrade Zabbix to versions 7.0.6, 6.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27232.
Read more MonitoringIn Sneeit Framework plugin for WordPress versions up to and including 8.3 a critical severity vulnerability CVE-2025-6389 was detected. This vulnerability allows unauthenticated attackers to achieve Remote Code Execution through the sneeit_articles_pagination_callback() function, which processes untrusted user input and passes it to call_user_func(). Successful exploitation enables attackers to execute arbitrary code on the server, potentially leading to backdoor injection or creation of new administrative accounts. To address this issue, users should upgrade the plugin to version 8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6389.
Read more CMS