In Nagios XI versions prior to 5.8.7 a medium severity vulnerability CVE-2021-47698 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript in a victim’s browser via the Core UI’s Views URL handling, due to insufficient validation or escaping of user-supplied input in the `escape_string()` function. To address this issue, users should upgrade Nagios XI to version 5.8.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-47698.
Read more MonitoringIn ZITADEL versions 4.0.0-rc.1 through 4.6.2 a high severity vulnerability CVE-2025-64431 was detected. This vulnerability allows authenticated users with specific administrator roles in one organization to access or modify organization-level data (such as name, domains, and metadata) of other organizations via insecure direct object reference (IDOR) in the V2Beta API, leading to cross-tenant data tampering. To address this issue, users should upgrade ZITADEL to version 4.6.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64431.
Read more Developer ToolsIn Nagios XI versions prior to 2024R1.1.3 a high severity vulnerability CVE-2024-13997 was detected. This vulnerability allows an authenticated administrator to leverage the Migrate Server feature to obtain root privileges on the underlying Nagios XI host, enabling full control of the operating system. To address this issue, users should upgrade Nagios XI to version 2024R1.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13997.
Read more MonitoringIn Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8 a critical severity vulnerability CVE-2025-64459 was identified. This vulnerability allows attackers to perform SQL injection by supplying a crafted dictionary as the _connector argument in QuerySet and Q objects. To fix this vulnerability, users should upgrade to Django 5.1.14, 4.2.26, 5.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64459.
Read more Application DevelopmentIn Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8 a high severity vulnerability CVE-2025-64458 was identified. Due to slow NFKC normalization on Windows systems, HttpResponseRedirect, HttpResponsePermanentRedirect, and the redirect shortcut could be abused to trigger excessive processing time using inputs containing very large numbers of Unicode characters, potentially leading to a denial-of-service (DoS). To fix this vulnerability, users should upgrade to Django 5.1.14, 4.2.26, 5.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64458.
Read more Application DevelopmentIn Kubernetes C# client versions prior to 17.0.14 a medium severity vulnerability CVE-2025-9708 was detected. This vulnerability allows the client to accept certificates from any Certificate Authority (CA) without properly validating the trust chain in custom CA mode, which may allow a malicious actor to present a forged certificate and perform man-in-the-middle attacks or API impersonation. To fix this vulnerability, users should upgrade to version 17.0.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9708.
Read more Developer ToolsIn Kafka-UI versions 0.6.0 through 0.7.2 a medium severity vulnerability CVE-2025-60537 was detected. This vulnerability in the /kafka/ui/serdes/CustomSerdeLoader.java component allows attackers to execute arbitrary code by supplying crafted data. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60537.
Read more Data AnalyticsIn Kafka-UI versions 0.6.0 through 0.7.2 a high severity vulnerability CVE-2025-60536 was detected. This vulnerability in the Configure New Cluster interface allows attackers to cause a denial of service (DoS) by uploading a crafted configuration file. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60536.
Read more Data AnalyticsIn Genesis Framework theme for WordPress versions up to and including 3.6.0 a medium severity vulnerability CVE-2025-10737 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the theme’s shortcodes due to insufficient input sanitization and output escaping. To fix this vulnerability, users should upgrade to version 3.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10737.
Read more CMS