Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Infrastructure and Network

Infrastructure and Network

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    21 May 2026 Infrastructure and Network
    authentik: Authentication Bypass via SAML NameID XML Comment Injection

    In authentik versions 2025.12.4 and prior, and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40165 was detected. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to other user accounts. This occurs because an attacker can inject an XML comment into the SAML NameID value, causing authentik to truncate the identifier to the portion before the comment. The issue can be exploited if the attacker has an account on a SAML Source with XML Signing enabled and the ability to modify their NameID value. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40165.

    Read more
    Security
    11 May 2026 Infrastructure and Network
    FreeIPA: Remote Disclosure of Cross-Realm Kerberos Trust Keys

    In FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.

    Read more
    Security
    8 May 2026 Infrastructure and Network
    FreeIPA: Denial of Service in Directory Server via Anonymous Connection

    In FreeIPA versions before 3.2.0 a medium severity vulnerability CVE-2013-0336 was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.

    Read more
    Security
    7 May 2026 Infrastructure and Network
    FreeIPA: MITM Join Procedure Spoofing via Improper CA Certificate Validation

    In FreeIPA versions 2.x and 3.x before 3.1.2 a high severity vulnerability CVE-2012-5484 was detected. This vulnerability allows attackers to perform man-in-the-middle (MITM) attacks and spoof a join procedure via a crafted certificate because the client does not properly obtain the Certification Authority (CA) certificate from the server. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-5484.

    Read more
    Security
    1 May 2026 Infrastructure and Network
    Wazuh: Pre-auth Stack Buffer Overflow in wazuh-remoted

    In Wazuh versions 4.8.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-28221 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in the print_hex_string() function via specially crafted input sent over the network prior to authentication, potentially leading to memory corruption, denial of service, or further exploitation. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-28221.

    Read more
    Security
    1 May 2026 Infrastructure and Network
    Wazuh: Path Traversal in Cluster Sync Enables Arbitrary File Write and RCE

    In Wazuh versions 4.4.0 up to before 4.14.4 a critical severity vulnerability CVE-2026-30893 was detected. This vulnerability allows authenticated cluster peers to perform path traversal attacks in the decompress_files() routine, enabling arbitrary file write outside the intended directory and potential remote code execution by overwriting loaded modules. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30893.

    Read more
    Security
    1 May 2026 Infrastructure and Network
    Wazuh: Heap-Based Buffer Underflow in parse_uname_string()

    In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-41499 was detected. This vulnerability allows attackers to trigger heap-based out-of-bounds writes in the parse_uname_string() function due to unsafe handling of empty strings, resulting in unsigned integer underflow and writes before allocated buffers that can corrupt heap metadata and lead to denial of service or potential code execution. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41499.

    Read more
    Security
    30 Apr 2026 Infrastructure and Network
    Wazuh: Heap Buffer Underflow in GetAlertData Leads to DoS

    In Wazuh versions 1.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26204 was detected. This vulnerability allows attackers to cause denial of service or heap corruption by exploiting a heap-based buffer underflow in the GetAlertData function, resulting in an out-of-bounds write before the allocated buffer. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26204.

    Read more
    Security
    30 Apr 2026 Infrastructure and Network
    MinIO: Authentication Bypass via Unsigned Payload Trailer

    In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-41145 was detected. This vulnerability allows attackers with a valid access key to bypass authentication and write arbitrary objects to any bucket without a secret key or valid cryptographic signature by exploiting the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41145.

    Read more
    Storage
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}