In GitHub Enterprise Server versions prior to 3.19 a high severity vulnerability CVE-2025-11578 was detected. This vulnerability allows an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their SSH key to the root user’s authorized keys, granting full root access. To fix this vulnerability, users should upgrade GitHub Enterprise Server to versions 3.14.19, 3.15.14, 3.16.10, 3.17.7, 3.18.1, or 3.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11578.
Read more Developer ToolsIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47932 was detected. This vulnerability allows cross-site scripting (XSS) attacks when a dashboard is rendered via an AJAX call, due to unsanitized input. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47932.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-64167 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript code when a user edits the URL parameter due to improper input sanitization. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64167.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-49145 was detected. This vulnerability allows users with permissions to create webhooks to trigger database deletion due to insufficient validation of webhook callback signatures. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49145.
Read more IT Business ManagementIn Combodo iTop versions on the 3.x branch prior to 3.2.2 a medium severity vulnerability CVE-2025-48878 was detected. This vulnerability allows users with insufficient privileges to create a ModuleInstallation object due to an insecure direct object reference (IDOR). To fix this vulnerability, users should upgrade to iTop version 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48878.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-48065 was detected. This vulnerability allows reflected cross-site scripting (XSS) to occur when a form field containing an error renders attacker-controlled content back to the user. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48065.
Read more IT Business ManagementIn Combodo iTop versions prior to 3.2.2 a high severity vulnerability CVE-2025-48055 was detected. This vulnerability allows stored cross-site scripting (XSS) in the User Portal’s browse brick, where user-supplied content could be rendered without proper sanitization. To fix this vulnerability, users should upgrade to iTop versions 3.2.2 or 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48055.
Read more IT Business ManagementIn Nagios XI versions prior to 5.8.7 a medium severity vulnerability CVE-2021-47698 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript in a victim’s browser via the Core UI’s Views URL handling, due to insufficient validation or escaping of user-supplied input in the `escape_string()` function. To address this issue, users should upgrade Nagios XI to version 5.8.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-47698.
Read more MonitoringIn ZITADEL versions 4.0.0-rc.1 through 4.6.2 a high severity vulnerability CVE-2025-64431 was detected. This vulnerability allows authenticated users with specific administrator roles in one organization to access or modify organization-level data (such as name, domains, and metadata) of other organizations via insecure direct object reference (IDOR) in the V2Beta API, leading to cross-tenant data tampering. To address this issue, users should upgrade ZITADEL to version 4.6.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64431.
Read more Developer Tools