In Zabbix versions 6.0.0 through 6.0.39, 7.0.0 through 7.0.10, and 7.2.0 through 7.2.4 a medium severity vulnerability CVE-2025-27233 was detected. This vulnerability allows attackers to inject unexpected arguments into the smartctl command via the smart.disk.get parameters, which can be exploited to leak the NTLMv2 hash from a Windows system. To address this issue, users should upgrade Zabbix Agent 2 to versions 6.0.40, 7.0.11, 7.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27233.
In Zabbix versions 7.0.0 through 7.0.13 and 7.2.0 through 7.2.7 a medium severity vulnerability CVE-2025-27238 was detected. This vulnerability allows users without any assigned user groups to retrieve information on all host prototypes via the hostprototype.get API method. To address this issue, users should upgrade Zabbix to versions 7.0.14 or 7.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27238.
In Zabbix Server versions 6.0.0 through 6.0.33, 6.4.0 through 6.4.18, and 7.0.0 through 7.0.3 a medium severity vulnerability CVE-2025-27240 was detected. This vulnerability allows a Zabbix administrator to inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the ‘Visible name’ field. To address this issue, users should upgrade Zabbix to versions 6.0.34, 6.4.19, 7.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27240.
In Flask-AppBuilder versions prior to 4.8.1 a medium severity vulnerability CVE-2025-58065 was detected. This vulnerability allows enabled users to reset their password and generate JWT tokens even after being disabled on the authentication provider, when Flask-AppBuilder is configured with OAuth, LDAP, or other non-database authentication methods. To address this issue, users should upgrade Flask-AppBuilder to version 4.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-58065.
In GitLab CE/EE versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 a medium severity vulnerability CVE-2025-6769 was detected. This vulnerability allows authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6769.
In GitLab CE/EE versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 a medium severity vulnerability CVE-2025-6454 was detected. This vulnerability allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.6, 18.2.6, or 18.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6454.
In Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier a high severity vulnerability CVE-2025-54236 was detected. This vulnerability is caused by improper input validation and allows attackers to achieve session takeover, with a high impact on confidentiality and integrity. To address this issue, users should upgrade Adobe Commerce to version 2.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54236.
In Liferay Portal versions 7.4.3.73 through 7.4.3.128 and Liferay DXP versions 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 73 through update 92 a medium severity vulnerability CVE-2025-43783 was detected. This vulnerability allows attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get_editor path. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129 or later, and Liferay DXP to versions 2024.Q3.2, 2024.Q2.14, or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43783.
In Liferay Portal versions 7.4.0 through 7.4.3.124 and Liferay DXP versions 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43784 was detected. This vulnerability allows guest users to obtain object entries information via the API Builder. To address this issue, users should upgrade Liferay Portal to version 7.4.3.125 or later, and Liferay DXP to versions 2024.Q2.9 or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43784.