Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    13 Jul 2026 Business and Enterprise Solutions
    WordPress: Local File Inclusion in Splash – Sport Club WordPress Theme for Basketball, Football, Hockey

    In Splash – Sport Club WordPress Theme for Basketball, Football, Hockey component for WordPress versions 4.4.3 and earlier a high severity vulnerability CVE-2025-68063 was detected. This vulnerability allows an attacker to include and execute arbitrary files on the server. To address this issue, users should upgrade Splash – Sport Club WordPress Theme for Basketball, Football, Hockey to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68063.

    Read more
    CMS
    13 Jul 2026 Communication and Collaboration
    Mattermost: Data exfiltration via markdown rendering in AI bot posts

    In Mattermost versions 10.11.18 and earlier, 11.6.3 and earlier, and 11.5.6 and earlier a low severity vulnerability CVE-2026-3472 was detected. This vulnerability allows an authenticated attacker to exfiltrate data. To address this issue, users should upgrade Mattermost to version 10.11.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3472.

    Read more
    Communication
    13 Jul 2026 Communication and Collaboration
    Mattermost: Server-Side Request Forgery (SSRF) in Mattermost Agents

    In Mattermost Agents component for Mattermost versions 10.11.18, 11.6.3, 11.5.6 and earlier a medium severity vulnerability CVE-2026-4339 was detected. This vulnerability allows an attacker to perform server-side request forgery (SSRF) and exfiltrate data from internal network services. To address this issue, users should upgrade Mattermost to version 10.11.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4339.

    Read more
    Communication
    13 Jul 2026 Business and Enterprise Solutions
    WooCommerce: Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce

    In Abandoned Cart Pro for WooCommerce component for WooCommerce versions 10.4.0 and earlier a high severity vulnerability CVE-2026-56010 was detected. This vulnerability allows attackers to escalate their privileges. To address this issue, users should upgrade Abandoned Cart Pro for WooCommerce to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56010.

    Read more
    E-commerce
    13 Jul 2026 Business and Enterprise Solutions
    WordPress: Unauthenticated Cross-Site Scripting in MapPress Maps for WordPress

    In MapPress Maps for WordPress component for WordPress versions 2.97.3 and earlier a high severity vulnerability CVE-2026-56011 was detected. This vulnerability allows attackers to inject malicious scripts. To address this issue, users should upgrade MapPress Maps for WordPress to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56011.

    Read more
    CMS
    10 Jul 2026 DevOps
    Jenkins: Sandbox Bypass in Script Security Plugin

    In Script Security Plugin component for Jenkins versions 1402.v94c9ce464861 and earlier a high severity vulnerability CVE-2026-57280 was detected. This vulnerability allows attackers to bypass sandbox protection. To address this issue, users should upgrade Script Security Plugin to version 1402.1405.vc96e74964250 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57280.

    Read more
    Developer Tools
    10 Jul 2026 DevOps
    Jenkins: Sandbox escape in Script Security Plugin

    In Script Security Plugin component for Jenkins versions 1402.v94c9ce464861 and earlier a high severity vulnerability CVE-2026-57281 was detected. This vulnerability allows attackers to execute code outside the sandbox. To address this issue, users should upgrade Script Security Plugin to version 1402.1405.vc96e74964250 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57281.

    Read more
    Developer Tools
    10 Jul 2026 DevOps
    Jenkins: Arbitrary command execution in Git client Plugin

    In Git client Plugin component for Jenkins versions 6.6.0 and earlier a medium severity vulnerability CVE-2026-57282 was detected. This vulnerability allows attackers who can control the name of a build’s working directory to execute arbitrary operating system commands on the agent. To address this issue, users should upgrade Git client Plugin to version 6.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57282.

    Read more
    Developer Tools
    10 Jul 2026 DevOps
    Jenkins: Cross-Site Request Forgery vulnerability in Pipeline: Groovy Plugin

    In Pipeline: Groovy Plugin component for Jenkins versions 4331.v9d06ed4658ff and earlier a medium severity vulnerability CVE-2026-57283 was detected. This vulnerability allows attackers to instantiate unauthorized types through the Pipeline Snippet Generator. To address this issue, users should upgrade Pipeline: Groovy Plugin to version 4331.4333.v50a_b_076c5199 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57283.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}