Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    22 Oct 2025 Business and Enterprise Solutions
    Liferay: Improper Authentication Allows Unauthenticated Cluster Messages to Be Treated as Trusted Data

    In Liferay Portal versions 7.4.0 through 7.4.3.132 and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-62250 was detected. This vulnerability allows remote attackers to send unauthenticated cluster messages that are treated as trusted data, potentially compromising system integrity. To address this issue, users should upgrade to Liferay DXP versions 2024.Q1.1, 2023.Q4.1, 2023.Q3.5, 7.3 update 36, or the latest master branch of Liferay Portal. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62250.

    Read more
    CMS
    22 Oct 2025 Business and Enterprise Solutions
    Liferay: Reflected XSS in google_gadget Allows Remote JavaScript Injection

    In Liferay Portal versions 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20, and 2023.Q4.0 through 2023.Q4.10 a medium severity vulnerability CVE-2025-62249 was detected. This reflected XSS vulnerability allows a remote unauthenticated attacker to inject arbitrary JavaScript via the google_gadget. To address this issue, users should upgrade to Liferay DXP versions 2025.Q3.3, 2025.Q1.18, 2024.Q1.21, or the latest master branch of Liferay Portal. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62249.

    Read more
    CMS
    22 Oct 2025 DevOps
    Sonatype Nexus: SSRF Vulnerability in Remote Browser Plugin

    In Sonatype Nexus Repository 2.x versions up to and including 2.15.2 a high severity vulnerability CVE-2025-9868 was detected. This vulnerability in the Remote Browser Plugin allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests. To address this issue, users should upgrade to Nexus Repository 3.x. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9868.

    Read more
    Developer Tools
    22 Oct 2025 Business and Enterprise Solutions
    Liferay: Stored XSS Vulnerability in Forms via Rich Text Fields

    In Liferay Portal versions 7.3.2 through 7.4.3.111, and Liferay DXP 7.3 GA through update 35, 7.4 GA through update 92, 2023.Q3.1 through 2023.Q3.8, and 2023.Q4.0 through 2023.Q4.5 a medium severity vulnerability CVE-2025-43830 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted payload in a form with a rich text type field. Users should update Liferay Portal to 7.4.3.112 and Liferay DXP to 7.3 update 36, 7.4.Q1.1, 2023.Q3.9, or 2023.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43830.

    Read more
    CMS
    22 Oct 2025 Business and Enterprise Solutions
    Liferay: Stored XSS Vulnerability in Commerce Diagram SVG Handling

    In Liferay Portal versions 7.4.3.18 through 7.4.3.111, and Liferay DXP 7.4 update 18 through update 92, 2023.Q3.1 through 2023.Q3.8, and 2023.Q4.0 through 2023.Q4.5 a medium severity vulnerability CVE-2025-43829 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted payload in a Commerce diagram SVG file. Users should update Liferay Portal to 7.4.3.112 and Liferay DXP to 7.3 update 36, 7.4.Q1.1, 2023.Q3.9, or 2023.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43829.

    Read more
    CMS
    21 Oct 2025 Communication and Collaboration
    Mastodon: OAuth Clients Without Read Scope Can Access Public Timelines

    In Mastodon versions 4.2.27 through 4.2.x, 4.3.0 through 4.3.14, and 4.4.0 through 4.4.6 a medium severity vulnerability CVE-2025-62176 was detected. The streaming server serves public timeline events to clients with valid tokens even if they lack the read:statuses scope, allowing limited access to new public posts. To address this issue, users should upgrade Mastodon to versions 4.2.27, 4.3.14, or 4.4.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62176.

    Read more
    Communication
    21 Oct 2025 Communication and Collaboration
    Mastodon: Disabled or Suspended Users Remain Connected to Streaming API

    In Mastodon versions 4.2.27 through 4.2.x, 4.3.0 through 4.3.14, and 4.4.0 through 4.4.6 a medium severity vulnerability CVE-2025-62175 was detected. Disabling or suspending user accounts does not disconnect them from the streaming API, allowing continued access to real-time updates. To address this issue, users should upgrade Mastodon to versions 4.2.27, 4.3.14, or 4.4.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62175.

    Read more
    Communication
    21 Oct 2025 Communication and Collaboration
    Mastodon: Active Sessions Persist After Password Reset

    In Mastodon versions 4.2.27 through 4.2.x, 4.3.0 through 4.3.14, and 4.4.0 through 4.4.6 a low severity vulnerability CVE-2025-62174 was detected. Active sessions and access tokens are not revoked when a user’s password is reset via the command-line interface, allowing continued access to the account. To address this issue, users should upgrade Mastodon to versions 4.2.27, 4.3.14, or 4.4.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62174.

    Read more
    Communication
    21 Oct 2025 DevOps
    Spring Framework: STOMP Over WebSocket CSRF Vulnerability

    In Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, and 5.3.0 through 5.3.45 a medium severity vulnerability CVE-2025-41254 was detected. STOMP over WebSocket applications may allow an attacker to send unauthorized messages. To address this issue, users should upgrade Spring Framework to versions 6.2.12, 6.1.24, or 5.3.46 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41254.

    Read more
    Application Development
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}