In Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-6907 was detected. This vulnerability allows attackers to potentially access exposed private data because UpdateCacheMiddleware erroneously caches requests where the Vary header contains an asterisk (‘*’), leading to sensitive data being improperly stored and served. To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-6907.
In Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-5766 was detected. This vulnerability allows attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by sending ASGI requests with a missing or understated Content-Length header, potentially loading large files into memory and causing service degradation (Denial of Service). To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5766.
In Django versions 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 a medium severity vulnerability CVE-2013-6044 was detected. This vulnerability allows attackers to introduce cross-site scripting (XSS) or other vulnerabilities by exploiting the is_safe_url function, which improperly treats a URL’s scheme as safe even if it is not HTTP or HTTPS (such as the javascript: scheme). To address this issue, users should upgrade Django to versions 1.4.6, 1.5.2, or 1.6 beta 2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-6044.
In AFFiNE versions up to 0.26.3 a medium severity vulnerability CVE-2026-7702 was detected. This vulnerability allows remote attackers to bypass authorization and access document previews by manipulating the allowDocPreview function within the Public Markdown Preview Endpoint. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7702.
In Apache HTTP Server versions mod_auth_shadow-2.2-8.fc11, mod_auth_shadow-2.2-8.fc12, and mod_auth_shadow-2.2-5.el5 a medium severity vulnerability CVE-2010-1151 was detected. This vulnerability allows remote attackers to bypass authentication, and read and possibly modify data, via a race condition in the mod_auth_shadow module related to improper interaction with an external helper application for validation of credentials. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2010-1151.
In Appsmith versions up to 1.97 a high severity vulnerability CVE-2026-5418 was detected. This vulnerability allows remote attackers to launch server-side request forgery (SSRF) attacks by manipulating the computeDisallowedHosts function within the Dashboard component. To address this issue, users should upgrade Appsmith to version 1.99. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5418.
In Argo CD versions 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9 a high severity vulnerability CVE-2026-43824 was detected. This vulnerability allows attackers to read cleartext Kubernetes Secret data via the ServerSideDiff feature. To address this issue, users should upgrade Argo CD to versions 3.2.11 or 3.3.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-43824.
In Prefect versions up to 3.6.13 a high severity vulnerability CVE-2026-7723 was detected. This vulnerability allows remote attackers to bypass authentication via the /api/events/in WebSocket endpoint. To address this issue, users should upgrade Prefect to version 3.6.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7723.
In Mastodon versions prior to 4.5.9, 4.4.16, and 4.3.22 a high severity vulnerability CVE-2026-41259 was detected. This vulnerability allows attackers to bypass email domain restrictions by using specially crafted email addresses with characters interpreted differently by mail servers due to insufficient validation. To address this issue, users should upgrade Mastodon to versions 4.5.9, 4.4.16 or 4.3.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41259.