Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Data Management and Analytics

Data Management and Analytics

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    28 May 2026 Data Management and Analytics
    pgAdmin 4: SQL Injection and OS Command Execution in Maintenance Tool

    In pgAdmin 4 versions prior to 9.15. a high severity vulnerability CVE-2026-7815 was detected. This vulnerability allows an authenticated user with tools_maintenance permissions to execute arbitrary SQL on the connected PostgreSQL server, which can be escalated to operating-system command execution on the database host. This occurs because four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) are concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command without proper sanitization and passed to psql. To address this issue, users should upgrade pgAdmin 4 to version 9.15 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7815.

    Read more
    Database
    27 May 2026 Data Management and Analytics
    vLLM: Denial of Service in OpenAI-compatible Serving Path

    In vLLM version 0.19.0 a medium severity vulnerability CVE-2026-9540 was detected. This vulnerability allows a remote attacker to cause a Denial of Service (DoS). This occurs due to a flaw in the OpenAI-compatible Serving Path component when processing certain manipulated data. An exploit for this issue is publicly available. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-9540.

    Read more
    Machine Learning
    27 May 2026 Data Management and Analytics
    Prometheus: Cross-Site Scripting (XSS) in Legacy Web UI Histogram Heatmaps

    In Prometheus versions 2.49.0 to before 3.5.3 and 3.11.3 a low severity vulnerability CVE-2026-44903 was detected. This vulnerability allows an attacker who can inject crafted metrics to execute arbitrary JavaScript (XSS) in the browser of any user viewing the metric. This occurs in the legacy web UI (enabled via the –enable-feature=old-ui flag) because the histogram heatmap chart view fails to properly escape ‘le’ label values when inserting them into the HTML for use as axis tick mark labels. To address this issue, users should upgrade Prometheus to versions 3.5.3 or 3.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44903.

    Read more
    Data Analytics
    26 May 2026 Data Management and Analytics
    JupyterLab: Extension Manager API/GUI Policy Discrepancy

    In JupyterLab versions 4.0.0 through 4.5.6 a high severity vulnerability CVE-2026-42266 was detected. This vulnerability allows an attacker to install malicious third-party extensions via a POST request. This occurs because the allow-list for the PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced, allowing packages outside the default PyPI index to be installed. To address this issue, users should upgrade JupyterLab to version 4.5.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42266.

    Read more
    Machine Learning
    26 May 2026 Data Management and Analytics
    pgAdmin 4: Stored XSS in Browser Tree and Explain Visualizer

    In pgAdmin 4 versions before 9.15 a medium severity vulnerability CVE-2026-7814 was detected. This vulnerability allows an attacker to execute Stored Cross-Site Scripting (XSS) attacks. This occurs because user-controlled PostgreSQL object names are unsafely assigned to DOM elements via innerHTML in the Browser Tree and Explain Visualizer modules, allowing attacker-supplied JavaScript to execute when a user navigates to or executes EXPLAIN over the malicious object. To address this issue, users should upgrade pgAdmin 4 to version 9.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7814.

    Read more
    Database
    25 May 2026 Data Management and Analytics
    MLflow: Authentication Bypass via FastAPI Middleware

    In MLflow versions 3.9.0 and earlier a high severity vulnerability CVE-2026-2652 was detected. This vulnerability allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. This occurs due to an architectural mismatch between Flask and FastAPI authentication mechanisms, where the FastAPI permission middleware fails to enforce authentication on non-/gateway/ routes (such as the Job API and OpenTelemetry trace ingestion API) when the server is started with basic authentication enabled and served via uvicorn. To address this issue, users should upgrade MLflow to version 3.10.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2652.

    Read more
    Data Analytics
    25 May 2026 Data Management and Analytics
    MongoDB Server: Post-Authentication Denial of Service (DoS) via Use-After-Free in JavaScript Engine

    In MongoDB Server versions v8.2 prior to 8.2.9 and v8.3 prior to 8.3.2 a high severity vulnerability CVE-2026-8336 was detected. This vulnerability allows an authenticated user to cause a post-authentication Denial of Service (DoS) by crashing the mongod process. This occurs due to a use-after-free error when the $_internalJsEmit function (which is not intended to be directly accessible) or the mapreduce command’s map function is invoked in a specific way, followed by subsequent use of the server-side JavaScript engine (e.g., through $where, $function, or mapreduce reduce stage). To address this issue, users should upgrade MongoDB Server to versions 8.2.9 or 8.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8336.

    Read more
    Database
    22 May 2026 Data Management and Analytics
    MongoDB Server: Denial of Service (DoS) via Aggregation Operators CPU Exhaustion

    In MongoDB Server versions v7.0 prior to 7.0.34, v8.0 prior to 8.0.23, v8.2 prior to 8.2.9, and v8.3 prior to 8.3.2 a medium severity vulnerability CVE-2026-8202 was detected. This vulnerability allows an authenticated user with aggregation permissions to cause a Denial of Service (DoS) by pinning CPU utilization at 100% for an extended period. This occurs when a densely populated chars mask and a large input string are used in the MongoDB aggregation operators $trim, $ltrim, and $rtrim. To address this issue, users should upgrade MongoDB Server to versions 7.0.34, 8.0.23, 8.2.9, or 8.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8202.

    Read more
    Database
    21 May 2026 Data Management and Analytics
    CKAN: CSRF Protection Bypass via Anonymous Requests

    In CKAN versions prior to 2.10.10 and 2.11.5 a medium severity vulnerability CVE-2026-41255 was detected. This vulnerability allows an attacker to bypass Cross-Site Request Forgery (CSRF) protections. This occurs because accessing views via tokens or unauthenticated requests globally marks the endpoint as not requiring CSRF protection for the lifetime of the server process (e.g., a single worker of uWSGI), exposing subsequent authenticated requests to CSRF attacks. To address this issue, users should upgrade CKAN to versions 2.10.10 or 2.11.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41255.

    Read more
    Data Analytics
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}