Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    18 Jun 2026 Communication and Collaboration
    Discourse: Chat Misauthorization and Information Disclosure

    In Discourse versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 a medium severity vulnerability CVE-2026-45085 was detected. This vulnerability encompasses four distinct misauthorization and information disclosure issues within the chat plugin, with one also involving the discourse-calendar plugin. The flaws allow read-only category users to create chat threads and permit authors to restore self-deleted messages even after their channel access has been revoked. Furthermore, it causes information disclosure by exposing a channel’s last_message (which can include unrelated direct message content) to moderators reviewing flagged messages, and by leaking chat channel details via calendar event payloads to unauthorized viewers, including anonymous users. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-45085.

    Read more
    Communication
    18 Jun 2026 Data Management and Analytics
    ChromaDB: Cross-Tenant Authorization Bypass via SimpleRBACAuthorizationProvider

    In ChromaDB Python versions 0.5.0 or later a high severity vulnerability CVE-2026-45831 was detected. This vulnerability allows an authenticated user to perform cross-tenant actions and gain unauthorized access to isolated data. This occurs because the SimpleRBACAuthorizationProvider evaluates whether a user holds a given permission, but fails to check which tenant, database, or collection that permission actually applies to. Consequently, attackers can bypass intended access restrictions across different tenant environments. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-45831.

    Read more
    Database
    18 Jun 2026 DevOps
    GitLab CE/EE: Support Bot Impersonation and Content Injection via Service Desk

    In GitLab CE/EE versions 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 a low severity vulnerability CVE-2026-9694 was detected. This vulnerability allows an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content. This occurs due to improper neutralization in email template processing when handling a specially crafted Service Desk email reply. To address this issue, users should upgrade GitLab CE/EE to versions 18.10.8, 18.11.5, or 19.0.2. For more details, visit https://avd.aquasec.com/nvd/2026/cve-2026-9694.

    Read more
    Developer Tools
    17 Jun 2026 Data Management and Analytics
    MariaDB Server: Shell Command Execution via Galera SST Variables

    In MariaDB Server versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1 a high severity vulnerability CVE-2026-48165 was detected. This vulnerability allows a high-privileged MariaDB user to execute arbitrary shell commands with the privileges of the mariadbd process on the galera joiner node. This occurs due to improper handling of the wsrep_sst_receive_address or wsrep_sst_donor global system variables. To address this issue, users should upgrade MariaDB Server to versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, or 12.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48165.

    Read more
    Database
    17 Jun 2026 DevOps
    Jenkins: Missing Permission Check Leading to Unauthorized Queue Item Cancellation

    In Jenkins versions 2.567 and earlier, and LTS 2.555.2 and earlier a medium severity vulnerability CVE-2026-53438 was detected. This vulnerability allows an attacker to cancel queue items they do not have permission to view. This occurs due to a missing permission check: users possessing the Item/Cancel permission, but lacking the Item/Read permission, are not properly restricted during the queue item cancellation process. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53438.

    Read more
    Developer Tools
    17 Jun 2026 Communication and Collaboration
    Discourse: Information Disclosure of Restricted Tag Group Names

    In Discourse versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 a medium severity vulnerability CVE-2026-47264 was detected. This vulnerability allows an unprivileged or anonymous user to view the names of restricted tag groups, leading to information disclosure. This occurs because the DetailedTagSerializer#tag_group_names function returns every tag group a tag belongs to without properly filtering against the requesting user’s visibility permissions. When the SiteSetting.tags_listed_by_group setting is enabled, hitting the TagsController#info endpoint (which is exempt from login requirements) exposes the names of tag groups that should be restricted to specific user groups or non-visible categories. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-47264.

    Read more
    Communication
    17 Jun 2026 Data Management and Analytics
    ChromaDB: Authorization Bypass in V1 Collection Endpoints

    In ChromaDB Python versions from including0.5.0 up to, including, 1.5.9 a high severity vulnerability CVE-2026-45832 was detected. This vulnerability allows an attacker to bypass authorization controls and gain unauthorized access to data. This occurs because all V1 collection-level endpoints improperly pass None for the tenant and database parameters to the authorization layer. By interacting directly with these V1 endpoints, attackers can successfully circumvent intended access restrictions. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-45832.

    Read more
    Database
    17 Jun 2026 Data Management and Analytics
    MongoDB: Denial of Service (DoS) and Incorrect Results via Internal Metadata Interference

    In MongoDB versions from including 7.0.0 and before 7.0.35, including 8.0.0 and before 8.0.24, including 8.2.0 and before 8.2.10, including 8.3.0 and before 8.3.3 a medium severity vulnerability CVE-2026-9750 was detected. This vulnerability allows an authenticated user to cause a server crash (Denial of Service) or return incorrect query results. This occurs due to insufficient separation between user-controlled document fields and internal metadata during query execution. By creating specifically crafted documents, an attacker can interfere with internal metadata processing. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-9750.

    Read more
    Database
    16 Jun 2026 DevOps
    Jenkins: Open Redirect via Unsafe “from” Parameter in Security Realm

    In Jenkins versions 2.567 and earlier, and LTS 2.555.2 and earlier a medium severity vulnerability CVE-2026-53440 was detected. This vulnerability allows an attacker to perform phishing attacks by redirecting users to a malicious, attacker-controlled domain (Open Redirect). This occurs because the “Delegate to servlet container” security realm fails to properly validate the from parameter to ensure it is safe to redirect to after a successful login. To address this issue, users should upgrade Jenkins to a patched version 2.568 or LTS 2.555.3 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-53440.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}