Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    28 Oct 2025 DevOps
    GitLab: Unauthorized Pipeline Execution via Incorrect Authorization

    In GitLab Enterprise Edition versions from 10.6.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a medium severity vulnerability CVE-2025-11971 was detected. This vulnerability allows an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits due to improper authorization validation. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11971.

    Read more
    Developer Tools
    28 Oct 2025 DevOps
    GitLab: Denial of Service via Unrestricted GraphQL Resource Allocation

    In GitLab Community and Enterprise Edition versions from 11.0.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-11447 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending crafted GraphQL requests that consume excessive resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11447.

    Read more
    Developer Tools
    28 Oct 2025 DevOps
    GitLab: Denial of Service via Unrestricted Resource Allocation

    In GitLab Community and Enterprise Edition versions from 17.10.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and from 18.5.0 up to and including 18.5.0 a high severity vulnerability CVE-2025-10497 was detected. This vulnerability allows an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads that consume excessive system resources due to missing rate limits and throttling. To address this issue, users should update GitLab to versions 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10497.

    Read more
    Developer Tools
    27 Oct 2025 Infrastructure and Network
    OpenVPN: Remote Authenticated Server Shell Command Injection via DNS Variables

    In OpenVPN versions 2.7_alpha1 through 2.7_beta1 a high severity vulnerability CVE-2025-10680 was detected. This vulnerability allows a remote, authenticated OpenVPN server to inject and execute shell commands on POSIX-based clients via specially crafted DNS variables when the client is run with the –dns-updown option. To address this issue, users should upgrade OpenVPN to versions 2.7_beta2 or later (or otherwise avoid the vulnerable 2.7_alpha1–2.7_beta1 builds). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10680.

    Read more
    Security
    27 Oct 2025 Business and Enterprise Solutions
    WordPress: Cross-Site Scripting via Unsanitized SVG Upload in Jeg Kit for Elementor Plugin

    In Jeg Kit for Elementor plugin for WordPress versions prior to 2.7.0 a medium severity vulnerability CVE-2025-9978 was detected. This vulnerability allows attackers to execute arbitrary scripts in the context of a user’s browser by uploading specially crafted SVG files via xmlrpc.php. To address this issue, users should upgrade Jeg Kit for Elementor plugin to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8416.

    Read more
    CMS
    27 Oct 2025 Business and Enterprise Solutions
    WordPress: Unauthenticated SQL Injection via filtersDataBackend in Product Filter by WBW Plugin

    In Product Filter by WBW plugin for WordPress versions up to and including 2.9.7 a high severity vulnerability CVE-2025-8416 was detected. This vulnerability allows unauthenticated attackers to supply specially crafted input to the filtersDataBackend parameter to inject additional SQL into existing queries and extract sensitive database information due to insufficient escaping and lack of prepared statements. To address this issue, users should upgrade Product Filter by WBW plugin to version 2.9.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8416.

    Read more
    CMS
    27 Oct 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting via soundcloud Shortcode in Listeo Theme

    In the Listeo theme for WordPress versions up to and including 2.0.8 a medium severity vulnerability CVE-2025-8413 was detected. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts via the theme’s soundcloud shortcode because of insufficient input sanitization and output escaping on user-supplied attributes; injected scripts execute whenever a user accesses an affected page. To address this issue, users should upgrade the Listeo theme to version 2.0.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8413.

    Read more
    CMS
    27 Oct 2025 Infrastructure and Network
    Vault: AWS Auth Method Authentication Bypass

    In Vault Community Edition versions 0.6.0 up to 1.20.4, and in Vault Enterprise versions 0.6.0 up to 1.20.4, 1.19.10, 1.18.15, and 1.16.26 a high severity vulnerability CVE-2025-11621 was detected. This vulnerability allows an attacker to bypass AWS authentication when the role of the configured bound_principal_iam is the same across AWS accounts or uses a wildcard. To address this issue, users should update to Vault Community Edition 1.21.0 or Vault Enterprise 1.21.0, 1.20.5, 1.19.11, or 1.16.27. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11621.

    Read more
    Security
    24 Oct 2025 Business and Enterprise Solutions
    Liferay: Missing Authorization in Collection Provider Enables Unauthorized Blueprint Access

    In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.19 a low severity vulnerability CVE-2025-62247 was detected. This vulnerability allows instance users to access and select unauthorized Blueprints through Collection Providers across instances, potentially exposing restricted configuration data. To address this issue, users should update to Liferay DXP 2025.Q3.0, 2025.Q2.10, 2025.Q1.17, or 2024.Q1.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62247.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}