Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Infrastructure and Network

Infrastructure and Network

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    20 Feb 2026 Infrastructure and Network
    PostgreSQL: intarray Extension Vulnerability Enables Arbitrary Code Execution

    In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a high severity vulnerability CVE-2026-2004 was detected. This vulnerability allows an object creator to execute arbitrary code as the operating system user running the database due to missing validation of input types in the intarray extension selectivity estimator function. To address this issue, users should upgrade PostgreSQL to versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2004.

    Read more
    Security
    17 Feb 2026 Infrastructure and Network
    Vaultwarden: Organization Cipher Access Control Bypass

    In Vaultwarden versions prior to 1.35.3 a medium severity vulnerability CVE-2026-26012 was detected. This vulnerability allows a regular organization member to retrieve all ciphers within an organization, regardless of collection permissions, via the /ciphers/organization-details endpoint due to missing collection-level access control enforcement. To address this issue, users should upgrade Vaultwarden to version 1.35.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26012.

    Read more
    Security
    16 Feb 2026 Infrastructure and Network
    authentik: SAML Assertion Injection Vulnerability

    In authentik versions prior to 2025.8.6, 2025.10.4 and 2025.12.4 a high severity vulnerability CVE-2026-25922 was identified. This vulnerability allows an attacker to inject a malicious SAML assertion when using a SAML Source with the “Verify Assertion Signature” option enabled but “Verify Response Signature” disabled, or when the Encryption Certificate is not configured under Advanced Protocol settings. To address this issue, users should upgrade Authentik to versions 2025.8.6, 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25922.

    Read more
    Security
    16 Feb 2026 Infrastructure and Network
    authentik: Authentication Bypass via Malformed Cookie in Proxy Provider

    In authentik versions prior to 2025.10.4 and 2025.12.4 a high severity vulnerability CVE-2026-25748 was identified. This vulnerability allows an attacker to bypass authentication by using a malformed cookie when forward authentication is enabled in the authentik Proxy Provider, particularly when used with Traefik or Caddy as a reverse proxy. Exploiting this issue prevents the setting of authentik-specific X-Authentik-* headers, potentially granting unauthorized access. To address this issue, users should upgrade authentik to versions 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25748.

    Read more
    Security
    16 Feb 2026 Infrastructure and Network
    authentik: Remote Code Execution via Test Endpoint with Delegated Permissions

    In authentik versions from 2021.3.1 up to but not including 2025.8.6, 2025.10.4 and 2025.12.4 a critical severity vulnerability CVE-2026-25227 was identified. This vulnerability allows a user with delegated permissions—specifically “Can view * Property Mapping” or “Can view Expression Policy”—to execute arbitrary code within the authentik server container through the test endpoint, which is intended to preview property mappings or policies. To address this issue, users should upgrade authentik to versions 2025.8.6, 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25227.

    Read more
    Security
    5 Feb 2026 Infrastructure and Network
    OpenVPN: Denial of Service via Insufficient Epoch Key Slot Processing

    In OpenVPN versions 2.7_alpha1 through 2.7_rc5 a low severity vulnerability CVE-2025-15497 was detected. This vulnerability allows remote authenticated users to trigger an assertion failure due to insufficient epoch key slot processing, resulting in a denial of service. To address this issue, users should upgrade OpenVPN to version 2.7_rc5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15497.

    Read more
    Security
    26 Jan 2026 Infrastructure and Network
    WordPress: Stored Cross-Site Scripting Vulnerability in JavaScript Notifier Plugin

    In the JavaScript Notifier plugin for WordPress versions up to and including 1.2.8 a medium severity vulnerability CVE-2026-1191 was detected. This vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts via plugin settings, which are rendered through the wp_footer action, due to insufficient input sanitization and output escaping of user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1191.

    Read more
    CMS Newsflash
    23 Jan 2026 Infrastructure and Network
    WordPress: Stored Cross-Site Scripting Vulnerability in GalleryMeta Plugin

    In the Meta-box GalleryMeta plugin for WordPress versions up to and including 3.0.1 a medium severity vulnerability CVE-2026-1302 was detected. This vulnerability allows authenticated attackers with editor-level permissions or higher to inject arbitrary malicious scripts via the admin settings, leading to stored cross-site scripting (XSS) that executes whenever a user accesses the affected pages. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1302.

    Read more
    CMS Newsflash
    23 Jan 2026 Infrastructure and Network
    WordPress: Stored Cross-Site Scripting Vulnerability in Responsive Header Plugin

    In the Responsive Header plugin for WordPress versions up to and including 1.0 a medium severity vulnerability CVE-2026-1300 was detected. This vulnerability allows authenticated attackers with administrator-level access or higher to inject arbitrary web scripts via multiple plugin settings parameters, which are stored and executed when users access affected pages, due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1300.

    Read more
    CMS Newsflash
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}