In Mattermost versions 10.11.0 through 10.11.3, 10.5.0 through 10.5.11, and 10.12.0 a medium severity vulnerability CVE-2025-55073 was identified in the MS Teams plugin OAuth flow. The plugin fails to properly validate the relationship between the post being updated and the OAuth authorization redirect, allowing an attacker to craft a malicious MSTeams plugin OAuth redirect URL and edit arbitrary posts. To fix this vulnerability, users should upgrade Mattermost to versions 11.0.0, 10.11.4, 10.5.12, or 10.12.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55073.
Read more CommunicationIn Kibana versions 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, and 9.2.0 a medium severity vulnerability CVE-2025-37734 was detected. This vulnerability allows remote attackers to perform Server-Side Request Forgery (SSRF) via a forged Origin HTTP header processed by the Observability AI Assistant. To fix this vulnerability, users should upgrade Kibana to versions 8.19.7, 9.1.7, or 9.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37734.
Read more Data AnalyticsIn pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12765 was detected. This vulnerability allows attackers to bypass TLS certificate verification in the LDAP authentication flow, potentially enabling unauthorized access through a man-in-the-middle attack. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12765.
Read more DatabaseIn pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12764 was detected. This vulnerability allows attackers to perform LDAP injection by supplying specially crafted usernames containing LDAP control characters. Successful exploitation can cause the LDAP server and client to process excessive data, potentially leading to a denial of service (DoS). To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12764.
Read more DatabaseIn pgAdmin versions up to and including 9.9 a medium severity vulnerability CVE-2025-12763 was detected. This vulnerability allows attackers to execute arbitrary system commands on Windows systems due to improper use of the shell=True parameter during backup and restore operations. By supplying specially crafted file paths, attackers can achieve command injection and gain unauthorized control of the affected system. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12763.
Read more DatabaseIn pgAdmin versions up to and including 9.9 a critical vulnerability CVE-2025-12762 was identified. When running in server mode, pgAdmin is vulnerable to remote code execution (RCE) during restore operations from PLAIN-format SQL dump files. An attacker could exploit this flaw to inject and execute arbitrary commands on the system hosting pgAdmin, compromising both the database management environment and underlying server data. Users are strongly advised to upgrade to pgAdmin version 10.0 or later to mitigate this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12762.
Read more DatabaseIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47932 was detected. This vulnerability allows cross-site scripting (XSS) attacks when a dashboard is rendered via an AJAX call, due to unsanitized input. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47932.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47773 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) when a dashboard is edited via an AJAX call. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47773.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47286 was detected. This vulnerability allows an administrator to execute arbitrary code on the server by editing the configuration of the iTop instance in the backup creation functionality. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47286.
Read more IT Business Management