In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.20 a medium severity vulnerability CVE-2025-43787 was detected. This vulnerability allows attackers to inject JavaScript through the organization site names, which is stored and executed without proper sanitization or escaping. To fix this problem, users should upgrade to Liferay Portal fixed on master branch, Liferay DXP 2024.Q1.21, or Liferay DXP 2025.Q3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43787.
Read more CMS
In Liferay Portal versions 7.4.0 through 7.4.3.124, and Liferay DXP versions 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43782 was detected. This vulnerability allows attackers to access a workflow definition by name via the API because of an insecure direct object reference. To fix this problem, users should upgrade to Liferay Portal 7.4.3.125, Liferay DXP 2024.Q1.13, Liferay DXP 2024.Q2.8, or Liferay DXP 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43782.
Read more CMS
In Mattermost versions 10.10.x prior to 10.10.2, 10.5.x prior to 10.5.10, and 10.9.x prior to 10.9.5 a medium severity vulnerability CVE-2025-9072 was detected. This vulnerability allows attackers to take over Mattermost accounts by crafting a malicious link that abuses the RelayState SAML parameter, enabling user cookies to be sent to an attacker-controlled URL after authentication. To address this issue, users should upgrade Mattermost to versions 10.10.2, 10.5.10, or 10.9.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9072.
Read more Communication
In Mattermost versions 10.8.x prior to 10.8.4, 10.5.x prior to 10.5.9, 9.11.x prior to 9.11.18, 10.10.x prior to 10.10.2, and 10.9.x prior to 10.9.4 a medium severity vulnerability CVE-2025-9078 was detected. This vulnerability allows authenticated users to access unauthorized posts and poison link previews by exploiting weak cache key validation through hash collision attacks on FNV-1 hashing. To address this issue, users should upgrade Mattermost to versions 10.8.4, 10.5.9, 9.11.18, 10.10.2, or 10.9.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9078.
Read more Communication
In Mattermost versions 10.5.x prior to 10.5.10 a medium severity vulnerability CVE-2025-9084 was detected. This vulnerability allows attackers to redirect users to malicious sites via crafted OAuth login URLs due to improper validation of redirect URLs. To address this issue, users should upgrade Mattermost to version 10.5.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9084.
Read more Communication
In Liferay Portal versions 7.4.0 through 7.4.3.101 and Liferay DXP versions 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-43796 was detected. This vulnerability allows remote attackers to perform denial-of-service attacks on the application by executing GraphQL queries that return a large number of objects without restriction. To address this issue, users should upgrade Liferay Portal to version 7.4.3.102 or later, and Liferay DXP to version 2023.Q3.5, 7.4 update 93, or 7.3 update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43796.
Read more CMS
In Liferay Portal versions 7.4.0 through 7.4.3.124 and Liferay DXP versions 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a high severity vulnerability CVE-2025-43790 was detected. This vulnerability allows remote authenticated users from one virtual instance to access, create, edit, and relate data/object entries or definitions to an object in a different virtual instance. To address this issue, users should upgrade Liferay Portal to version 7.4.3.125 or later, and Liferay DXP to version 2024.Q2.7, 2024.Q1.13, or 7.4 update 93. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43790.
Read more CMS
In Mattermost Server versions 10.10.x up to and including 10.10.1 a medium severity vulnerability CVE-2025-9076 was detected. This vulnerability allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects during shared channel membership synchronization. To address this issue, users should upgrade Mattermost Server to version 10.10.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9076.
Read more Communication
In Zabbix version 5.0 a medium severity vulnerability CVE-2025-27234 was detected. This vulnerability allows attackers to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this can result in remote code execution. To address this issue, users should upgrade Zabbix to version 5.0.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27234.
Read more Monitoring