In Dolibarr ERP/CRM version 3.8.3 a low severity vulnerability CVE-2016-1912 was detected. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the lastname, firstname, email, job, or signature parameters to htdocs/user/card.php, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade Dolibarr ERP/CRM to versions 3.8.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-1912.
Read more ERP
In Grafana versions prior to 12.4.1 a low severity vulnerability CVE-2026-21725 was detected. This vulnerability allows an attacker to bypass authorization and delete a recently recreated data source without permission due to a time-of-check to time-of-use (TOCTOU) race condition. The exploit requires highly stringent conditions, including prior admin access to the originally deleted data source, the new data source having the exact same UID, and the attack occurring on the same pod within a narrow 30-second window. To address this issue, users should upgrade Grafana to versions 13.0.0 and above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21725.
Read more Data Analytics
In FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.
Read more Security
In Django versions 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 a medium severity vulnerability CVE-2015-8213 was detected. This vulnerability allows remote attackers to obtain sensitive application secrets (such as the SECRET_KEY) by providing a settings key in place of a date/time format setting to the get_format function in utils/formats.py. To address this issue, users should upgrade Django to versions 1.7.11, 1.8.7, or 1.9rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-8213.
Read more Application Development
In Drupal versions 6.x before 6.38 a medium severity vulnerability CVE-2016-3165 was detected. This vulnerability allows remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has the “#access” attribute set to FALSE in the server-side form definition, as the Form API ignores these restrictions on submit buttons. To address this issue, users should upgrade Drupal to version 6.38. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-3165.
Read more Application Development
In Budibase versions prior to 3.35.10 a high severity vulnerability CVE-2026-42239 was detected. This vulnerability allows attackers to steal JWT session tokens and achieve full account takeover if a Cross-Site Scripting (XSS) vulnerability is present, because the budibase:auth session cookie is set without the httpOnly, secure, and sameSite attributes. To address this issue, users should upgrade Budibase to version 3.35.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42239.
Read more Application Development
In Argo CD versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9 a critical severity vulnerability CVE-2026-42880 was detected. This vulnerability allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server’s Server-Side Apply dry-run mechanism due to a missing authorization and data-masking gap in Argo CD’s ServerSideDiff endpoint. To address this issue, users should upgrade Argo CD to versions 3.2.11 or 3.3.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42880.
Read more Developer Tools
In Dolibarr versions prior to 23.0.0 a critical severity vulnerability CVE-2026-23500 was detected. This vulnerability allows authenticated administrators to inject arbitrary OS commands and achieve remote code execution (RCE) as the web server user by manipulating the MAIN_ODT_AS_PDF configuration constant during the ODT to PDF conversion process. To address this issue, users should upgrade Dolibarr to version 23.0.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23500.
Read more ERP
In Foreman versions before 1.12.2 a medium severity vulnerability CVE-2016-6319 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the label parameter in app/helpers/form_helper.rb, as used by Remote Execution and possibly other plugins. To address this issue, users should upgrade Foreman to version 1.12.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-6319.
Read more IT Business Management