In Liferay Portal versions 7.2.0 through 7.4.3.112 and Liferay DXP versions 2024.Q1.1 through 2024.Q1.2, 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4, and older unsupported releases a medium severity vulnerability CVE-2025-43826 was detected. This stored cross-site scripting issue allows remote attackers to inject arbitrary script or HTML via rich text fields in Web Content translation. To address this vulnerability, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.3, 2023.Q4.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43826.
Read more CMS
In Kibana versions from 8.7.0 up to 8.15.0 a medium severity vulnerability CVE-2024-43710 was detected. This vulnerability allows a user with read access to Fleet to exploit the /api/fleet/health_check API to send requests to internal HTTPS endpoints that return JSON, resulting in a server-side request forgery. To address this issue, users should upgrade Kibana to version 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43710.
Read more Data Analytics
In Argo CD versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 a high severity vulnerability CVE-2025-55191 was detected. This vulnerability allows authenticated attackers with repository permissions to trigger a race condition in the repository credentials handler, causing the Argo CD server to panic and crash, leading to denial-of-service. To address this issue, users should upgrade Argo CD to versions 2.14.20, 3.2.0-rc2, 3.1.8, 3.0.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55191.
Read more Developer Tools
In iTop v.3.1.0-2-11973 a high severity vulnerability CVE-2023-47489 was detected. A CSV injection in the export functionality (export-v2.php and ajax.render.php) allows a local attacker to inject crafted scripts that can lead to arbitrary code execution. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47489.
Read more IT Business Management
In iTop v.3.1.0-2-11973 a medium severity vulnerability CVE-2023-47488 was detected. This cross-site scripting (XSS) vulnerability allows a local attacker to obtain sensitive information by injecting a crafted script into the attrib_manager_id parameter in the General Information page or the id parameter in the contact page. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47488.
Read more IT Business Management
In Kibana versions up to and including 7.17.28, 8.0.0 to 8.17.7, 8.18.0 to 8.18.2, and 9.0.0 to 9.0.2 a medium severity vulnerability CVE-2025-25012 was detected. The flaw allows open redirect attacks through the Short URLs feature in Discover, Dashboard, and Visualization Library, which can redirect users to arbitrary sites and enable server-side request forgery (SSRF). To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25012.
Read more Data Analytics
In Kibana versions prior to 7.17.29, 8.17.8, 8.18.3 and 9.0.3 a medium severity vulnerability CVE-2024-52974 was detected. This vulnerability allows a user with read permissions for Observability to send a specially crafted request to the Observability API, which could cause the Kibana server to crash. To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Read more Data Analytics
In Liferay Portal versions 7.4.0 through 7.4.3.119, and Liferay DXP versions 2023.Q3.1 through 2023.Q3.10, 2023.Q4.0 through 2024.Q4.10, and 2024.Q1.1 through 2024.Q1.5 (including 7.4 GA through update 92 and older unsupported releases) a medium severity vulnerability CVE-2025-43816 was detected. This memory leak in the StructuredContents headless API could allow an attacker to repeatedly call the endpoint and exhaust server memory, leading to denial of service. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.120 or later, and Liferay DXP 2024.Q1.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43816.
Read more CMS
In Nagios XI versions prior to 2026R1 a high severity vulnerability CVE-2025-34227 was detected. This authenticated command injection issue affects the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query configuration wizards. By injecting shell characters into service arguments, an attacker could execute arbitrary system commands on the underlying host as the nagios user. To address this issue, users should upgrade to Nagios XI 2026R1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34227.
Read more Monitoring