In Istio versions through 1.28.2 a medium severity vulnerability CVE-2026-23766 was detected. This vulnerability allows attackers to manipulate firewall behavior by injecting custom iptables rules through the traffic.sidecar.istio.io/excludeInterfaces annotation, potentially altering network traffic handling within a pod. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23766.
Read more CommunicationIn Mattermost versions 10.11.x up to and including 10.11.8 and prior to 11.2.0 a low severity vulnerability CVE-2025-14822 was detected. This vulnerability allows authenticated attackers to trigger a denial of service by exhausting CPU resources through a single HTTP request containing a post with thousands of space-separated tokens, exploiting quadratic complexity in the model.ParseHashtags function. To address this issue, users should upgrade Mattermost to versions 10.11.9 or 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14822.
Read more CommunicationIn Mattermost versions 10.11.x up to and including 10.11.8, 11.0.x up to and including 11.0.6, and 11.1.x up to and including 11.1.1 a medium severity vulnerability CVE-2025-14435 was detected. This vulnerability allows authenticated attackers to cause an application-level denial of service by triggering API errors that lead to unbounded component re-render loops, resulting in infinite re-renders and degraded application availability. To address this issue, users should upgrade Mattermost to versions 10.11.9, 11.1.2 or 11.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14435.
Read more CommunicationIn vLLM versions from 0.6.4 to before 0.12.0 a medium severity vulnerability CVE-2026-22773 was detected. This vulnerability allows attackers to crash the vLLM inference engine by sending a specially crafted 1×1 pixel image to multimodal models using the Idefics3 vision implementation, triggering a tensor dimension mismatch and an unhandled runtime error that terminates the server. To address this issue, users should upgrade vLLM to version 0.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22773.
Read more Machine LearningIn vLLM versions prior to 0.11.1 a high severity vulnerability CVE-2025-66448 was detected. This vulnerability allows attackers to achieve remote code execution by abusing the auto_map field in model configuration files, causing vLLM to fetch and execute Python code from a remote repository even when trust_remote_code=False is set, enabling an attacker to execute arbitrary malicious code on the host by publishing a crafted model repository. To address this issue, users should upgrade vLLM to version 0.11.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66448.
Read more Machine LearningIn MongoDB Server versions prior to 7.0.28, 8.0.17, 8.2.3, 6.0.27, 5.0.32, 4.4.30, and versions greater than or equal to 4.2.0, 4.0.0, and 3.6.0 a high severity vulnerability CVE-2025-14847 was detected. This vulnerability may allow an unauthenticated client to read uninitialized heap memory due to mismatched length fields in Zlib compressed protocol headers. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14847.
Read more DatabaseIn Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.1 and prior a medium severity vulnerability CVE-2025-68390 was detected. This vulnerability is caused by allocation of resources without limits or throttling (CWE-770), allowing an authenticated user with snapshot restore privileges to trigger excessive memory allocation through a crafted HTTP request, resulting in a denial of service (DoS). To address this issue, users should upgrade Elasticsearch to versions 8.19.8, 9.1.8 and 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68390.
Read more Data AnalyticsIn Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, 9.2.2 a medium severity vulnerability CVE-2025-68384 was detected. This vulnerability stems from allocation of resources without limits or throttling (CWE-770), allowing a low-privileged authenticated user to trigger excessive memory allocation by submitting oversized user settings data, resulting in a persistent denial of service (OOM crash). To address this issue, users should upgrade Elasticsearch to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68384.
Read more Data AnalyticsIn MariaDB versions affected by CVE-2025-13699 a medium severity vulnerability was detected. This vulnerability allows remote attackers to execute arbitrary code via the mariadb-dump utility due to improper validation of user-supplied paths in view names, enabling directory traversal and code execution in the context of the current user. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13699.
Read more Database