Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Infrastructure and Network

Infrastructure and Network

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    30 Apr 2026 Infrastructure and Network
    MinIO: Unauthenticated Object Write via Missing Signature Verification in Snowball Auto-Extract

    In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-40344 was detected. This vulnerability allows attackers who know a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature, due to missing signature verification for unsigned-trailer uploads in the Snowball auto-extract handler. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40344.

    Read more
    Storage
    30 Apr 2026 Infrastructure and Network
    Wazuh: Brute-Force Protection Bypass via Race Condition

    In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26206 was detected. This vulnerability allows attackers to bypass API brute-force protection by exploiting a race condition in login attempt tracking, enabling more authentication attempts than intended through concurrent requests. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26206.

    Read more
    Security
    15 Apr 2026 Infrastructure and Network
    MinIO S3 Select Memory Exhaustion and Denial of Service Vulnerability

    In MinIO versions from RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z high severity vulnerability CVE-2026-39414 was detected. This vulnerability allows authenticated attackers to cause an Out-of-Memory (OOM) crash and denial of service by uploading specially crafted CSV files without newline characters, which triggers unlimited memory allocation during S3 Select processing. To address this issue users must upgrade to MinIO AIStor RELEASE.2025-12-20T04-58-37Z version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-39414.

    Read more
    Storage
    18 Mar 2026
    Vaultwarden: Unauthorized Cipher Access via Partial Update API

    In Vaultwarden versions prior to 1.35.4 a medium severity vulnerability CVE-2026-27898 was detected. This vulnerability allows authenticated users to access sensitive data from another user’s cipher by exploiting the “PUT /api/ciphers/{id}/partial” endpoint, which improperly returns cipher details despite access restrictions. To address this issue, users should upgrade Vaultwarden to version 1.35.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27898.

    Read more
    Knowledge Base Newsflash Infrastructure and Network Security
    16 Mar 2026
    Vaultwarden: Improper Collection Management Verification

    In Vaultwarden versions prior to 1.35.4 a high severity vulnerability CVE-2026-27803 was detected. This vulnerability allows users with the Manager role to perform collection management operations even when their `manage` permission is set to false, as long as they have access to the collection. To address this issue, users should upgrade Vaultwarden to version 1.35.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27803.

    Read more
    Knowledge Base Newsflash Infrastructure and Network Security
    20 Feb 2026 Infrastructure and Network
    PostgreSQL: Buffer Overrun via Multibyte Character Length Validation Flaw

    In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2006 was detected. This vulnerability allows a database user to issue crafted queries that trigger a buffer overrun due to missing validation of multibyte character length in text manipulation functions, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2006.

    Read more
    Security
    20 Feb 2026 Infrastructure and Network
    PostgreSQL: pgcrypto Heap Buffer Overflow Enables Arbitrary Code Execution

    In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2005 was detected. This vulnerability allows a ciphertext provider to trigger a heap buffer overflow in the pgcrypto extension, potentially leading to arbitrary code execution as the operating system user running the database. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2005.

    Read more
    Security
    20 Feb 2026 Infrastructure and Network
    PostgreSQL: intarray Extension Vulnerability Enables Arbitrary Code Execution

    In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2004 was detected. This vulnerability allows an object creator to execute arbitrary code as the operating system user running the database due to missing validation of input types in the intarray extension selectivity estimator function. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2004.

    Read more
    Security
    20 Feb 2026 Infrastructure and Network
    PostgreSQL: oidvector Validation Flaw May Expose Server Memory

    In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a medium severity vulnerability CVE-2026-2003 was detected. This vulnerability allows a database user to disclose portions of server memory due to improper validation of the “oidvector” type, which may expose sensitive information under certain conditions. To address this issue, users should upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2003.

    Read more
    Security
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}