In Jenkins GitHub Plugin version 1.46.0 and earlier a high severity vulnerability CVE-2026-42523 was detected. This vulnerability allows non-anonymous attackers with Overall/Read permission to execute stored cross-site scripting (XSS) due to improper handling of the current job URL in JavaScript used by the “GitHub hook trigger for GITScm polling” feature. To address this issue, users should upgrade Jenkins GitHub plugin to version 1.46.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42523.
Read more Developer ToolsIn OpenShift Container Platform all versions a medium severity vulnerability CVE-2026-7309 was detected. This vulnerability allows attackers with the ‘edit’ ClusterRole to inject arbitrary environment variables, such as LD_PRELOAD or http_proxy, into docker-build containers through the buildconfigs/instantiate API, leading to information disclosure that impacts the confidentiality of build traffic. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7309.
Read more Developer ToolsIn GitLab CE/EE versions from 18.11 before 18.11.1 low severity vulnerability CVE-2026-3254 was detected. This vulnerability allows attackers to load unauthorized content into another user’s browser due to improper input validation in the Mermaid sandbox. To address this issue users must upgrade to 18.11.1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3254.
Read more Developer ToolsIn GitLab CE/EE versions 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 medium severity vulnerability CVE-2026-1660 was detected. This vulnerability allows attackers to cause a denial of service when importing issues due to improper input validation and the allocation of resources without limits or throttling. To address this issue users must upgrade to 18.9.6, 18.10.4, or 18.11.1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1660.
Read more Developer ToolsIn GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 a high severity vulnerability CVE-2026-6515 was detected. This vulnerability allows attackers to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions. To address this issue users must upgrade to 18.9.6, 18.10.4, or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-6515.
Read more Developer ToolsIn GitLab CE/EE versions 18.11 before 18.11.1 medium severity vulnerability CVE-2026-5377 was detected. This vulnerability allows attackers to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process. To address this issue users must upgrade to 18.11.1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5377.
Read more Developer ToolsIn GitLab CE/EE versions 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 high severity vulnerability CVE-2026-5262 was detected. This vulnerability allows attackers to access tokens in the Storybook development environment due to improper input validation. To address this issue users must upgrade to 18.9.6, 18.10.4, or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5262.
Read more Developer ToolsIn GitLab CE/EE versions 18.10 before 18.10.4 and 18.11 before 18.11.1 high severity vulnerability CVE-2026-5816 was detected. This vulnerability allows attackers to execute arbitrary JavaScript in a user’s browser session due to improper path validation under certain conditions. To address this issue users must upgrade to 18.10.4 or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5816.
Read more Developer ToolsIn Sonatype Nexus Repository versions 3.0.0 through 3.90.2 medium severity vulnerability CVE-2026-3438 was detected. This vulnerability allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim’s browser through a specially crafted URL on describe pages, requiring user interaction. To address this issue, users must upgrade to the 3.91.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3438.
Read more Developer Tools