Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps
  • Developer Tools

Developer Tools

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    15 Apr 2026 DevOps
    Nexus Repository 3 Authenticated Remote Code Execution via Task Property Injection

    In Sonatype Nexus Repository versions 3.22.1 through 3.90.2 critical severity vulnerability CVE-2026-3199 was detected. This vulnerability allows authenticated attackers with task creation permissions to execute arbitrary code by bypassing the nexus.scripts.allowCreation security control via task property injection. To address this issue users must upgrade to 3.91.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3199.

    Read more
    Developer Tools
    10 Apr 2026 DevOps
    GitLab: Unauthenticated Denial of Service via JSON Input Validation Flaw

    In GitLab CE/EE versions 12.10 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2026-1092 was detected. This vulnerability allows unauthenticated users to cause denial of service (DoS) due to improper input validation of JSON payloads. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1092.

    Read more
    Developer Tools
    10 Apr 2026 DevOps
    GitLab: Denial of Service via GraphQL Query Flooding

    In GitLab CE/EE versions 13.0 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2025-12664 was detected. This vulnerability allows unauthenticated users to cause denial of service (DoS) by sending repeated GraphQL queries due to improper input validation and request handling. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12664.

    Read more
    Developer Tools
    10 Apr 2026 DevOps
    GitLab: Missing Authorization Allows Email Address Disclosure via GraphQL

    In GitLab EE versions 16.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2025-9484 was detected. This vulnerability allows authenticated users to access other users’ email addresses via certain GraphQL queries due to missing authorization checks. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9484.

    Read more
    Developer Tools
    10 Apr 2026 DevOps
    GitLab: Information Disclosure via Code Quality Report Injection

    In GitLab EE versions 18.0.0 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-1516 was detected. This vulnerability allows authenticated users to leak IP addresses of other users viewing Code Quality reports via specially crafted report content due to improper handling of generated code. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1516.

    Read more
    Developer Tools
    10 Apr 2026 DevOps
    GitLab: Denial of Service via Improper GraphQL Input Validation

    In GitLab EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-1101 was detected. This vulnerability allows authenticated users to cause denial of service (DoS) to the GitLab instance due to improper input validation in GraphQL queries. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1101.

    Read more
    Developer Tools
    9 Apr 2026 DevOps
    GitLab: Privilege Escalation via Missing Authorization in Member Management

    In GitLab CE/EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a low severity vulnerability CVE-2026-4916 was detected. This vulnerability allows authenticated users with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4916.

    Read more
    Developer Tools
    9 Apr 2026 DevOps
    GitLab: Cross-Site Scripting in Analytics Dashboards

    p>In GitLab EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-4332 was detected. This vulnerability allows authenticated users to execute arbitrary JavaScript in other users’ browsers via customizable analytics dashboards due to improper input sanitization. To address this issue, users should upgrade GitLab to versions EE 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4332.

    Read more
    Developer Tools
    9 Apr 2026 DevOps
    GitLab: Incorrect Authorization Allows Modification of Vulnerability Flags

    In GitLab EE versions 18.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-2619 was detected. This vulnerability allows authenticated users with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization under certain conditions. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2619.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}