In FreeIPA versions before 3.2.0, a medium-severity vulnerability, CVE-2013-0336, was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.
In Dolibarr versions prior to 23.0.0, a critical-severity vulnerability, CVE-2026-23500, was detected. This vulnerability allows authenticated administrators to inject arbitrary OS commands and achieve remote code execution (RCE) as the web server user by manipulating the MAIN_ODT_AS_PDF configuration constant during the ODT to PDF conversion process. To address this issue, users should upgrade Dolibarr to version 23.0.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23500.
In Foreman versions before 1.12.2, a medium-severity vulnerability, CVE-2016-6319, was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the label parameter in app/helpers/form_helper.rb, as used by Remote Execution and possibly other plugins. To address this issue, users should upgrade Foreman to version 1.12.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-6319.
In Foreman versions before 1.2.3, a high-severity vulnerability, CVE-2013-4386, was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the fqdn or hostgroup parameters. To address this issue, users should upgrade Foreman to version 1.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-4386.
In eGroupware versions before 1.8.004.20120405, a medium-severity vulnerability, CVE-2012-2211, was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. To address this issue, users should upgrade eGroupware to version 1.8.004.20120405. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-2211.
In Drupal versions 7.x before 7.26, a medium-severity vulnerability, CVE-2014-1476, was detected. This vulnerability allows remote authenticated users to obtain sensitive information by viewing unpublished content via a taxonomy listing page on sites upgraded from earlier versions. To address this issue, users should upgrade Drupal to version 7.26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-1476.
In FreeIPA versions 2.x and 3.x before 3.1.2, a high-severity vulnerability, CVE-2012-5484, was detected. This vulnerability allows attackers to perform man-in-the-middle (MITM) attacks and spoof a join procedure via a crafted certificate because the client does not properly obtain the Certification Authority (CA) certificate from the server. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-5484.
In Prefect versions up to 3.6.21, a high-severity vulnerability, CVE-2026-7722, was detected. This vulnerability allows remote attackers to bypass authentication by manipulating the endswith function within the /api/health endpoint. To address this issue, users should upgrade Prefect to version 3.6.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7722.
In Prometheus versions prior to 3.5.3 and 3.11.3, a high-severity vulnerability, CVE-2026-42154, was detected. This vulnerability allows unauthenticated attackers to send a small, specially crafted snappy-compressed payload to the remote read endpoint (/api/v1/read) that causes a massive heap allocation, leading to memory exhaustion and crashing the Prometheus process (Denial of Service). To address this issue, users should upgrade Prometheus to versions 3.5.3 or 3.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42154.