In Helpy version 2.8.0 a medium severity vulnerability CVE-2026-40229 was detected. This vulnerability allows attackers to perform stored cross-site scripting (XSS) by injecting arbitrary HTML into the account name field, which is then rendered unescaped in post author displays across public forum threads, admin ticket views, and HTML notification emails. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40229.
In Helpy version 2.8.0 a medium severity vulnerability CVE-2026-40230 was detected. This vulnerability allows authenticated attackers with admin or agent editor privileges to inject and persist arbitrary HTML or JavaScript in the knowledge base document body field, which is then executed during rendering due to improper sanitization. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40230.
In Jenkins GitHub Branch Source Plugin version 1967.vdea_d580c1a_b_a_ and earlier a medium severity vulnerability CVE-2026-42522 was detected. This vulnerability allows attackers with Overall/Read permission to initiate connections to attacker-specified URLs using attacker-controlled GitHub App credentials due to a missing permission check. To address this issue, users should upgrade Jenkins GitHub Branch Source plugin to version 1967.1969.v205fd594c821. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42522.
In Jenkins GitHub Plugin version 1.46.0 and earlier a high severity vulnerability CVE-2026-42523 was detected. This vulnerability allows non-anonymous attackers with Overall/Read permission to execute stored cross-site scripting (XSS) due to improper handling of the current job URL in JavaScript used by the “GitHub hook trigger for GITScm polling” feature. To address this issue, users should upgrade Jenkins GitHub plugin to version 1.46.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42523.
In Wazuh versions 4.8.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-28221 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in the print_hex_string() function via specially crafted input sent over the network prior to authentication, potentially leading to memory corruption, denial of service, or further exploitation. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-28221.
In Wazuh versions 4.4.0 up to before 4.14.4 a critical severity vulnerability CVE-2026-30893 was detected. This vulnerability allows authenticated cluster peers to perform path traversal attacks in the decompress_files() routine, enabling arbitrary file write outside the intended directory and potential remote code execution by overwriting loaded modules. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30893.
In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-41499 was detected. This vulnerability allows attackers to trigger heap-based out-of-bounds writes in the parse_uname_string() function due to unsafe handling of empty strings, resulting in unsigned integer underflow and writes before allocated buffers that can corrupt heap metadata and lead to denial of service or potential code execution. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41499.
In Rocket.Chat versions prior to 8.4.0, prior to 8.3.2, prior to 8.2.2, prior to 8.1.3, prior to 8.0.4, prior to 7.13.6, prior to 7.12.7, prior to 7.11.7, and prior to 7.10.10 a medium severity vulnerability CVE-2026-29197 was detected. This vulnerability allows authenticated users without the proper permissions to read Apps-Engine logs due to a typo in the permission checks for the /api/apps/logs and /api/apps/:id/logs endpoints. To address this issue, users should upgrade Rocket.Chat to versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, 7.10.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29197.
In Rocket.Chat versions prior to 8.3.0, prior to 8.2.1, prior to 8.1.2, prior to 8.0.3, prior to 7.13.5, prior to 7.12.6, prior to 7.11.6, and prior to 7.10.9 a critical severity vulnerability CVE-2026-29198 was detected. This vulnerability allows attackers to perform NoSQL injection in the OAuth flow, potentially leading to account takeover of the first user with a generated token when an OAuth application is configured. To address this issue, users should upgrade Rocket.Chat to versions 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6 or 7.10.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29198.