In Wazuh versions 1.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26204 was detected. This vulnerability allows attackers to cause denial of service or heap corruption by exploiting a heap-based buffer underflow in the GetAlertData function, resulting in an out-of-bounds write before the allocated buffer. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26204.
Read more Security
In vLLM versions up to 0.19.0 a medium severity vulnerability CVE-2026-7141 was detected. This vulnerability allows attackers to trigger use of an uninitialized resource by manipulating the has_mamba_layers function in the KV cache interface, potentially leading to unexpected behavior. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7141.
Read more Machine Learning Knowledge Base Newsflash Data Management and Analytics
In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-41145 was detected. This vulnerability allows attackers with a valid access key to bypass authentication and write arbitrary objects to any bucket without a secret key or valid cryptographic signature by exploiting the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41145.
Read more Storage
In MinIO versions RELEASE.2023-05-18T00-05-36Z to versions prior to RELEASE.2026-04-11T03-20-12Z a high severity vulnerability CVE-2026-40344 was detected. This vulnerability allows attackers who know a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature, due to missing signature verification for unsigned-trailer uploads in the Snowball auto-extract handler. To address this issue, users should upgrade MinIO to versions RELEASE.2026-04-11T03-20-12Z or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40344.
Read more Storage
In Wazuh versions 4.0.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-26206 was detected. This vulnerability allows attackers to bypass API brute-force protection by exploiting a race condition in login attempt tracking, enabling more authentication attempts than intended through concurrent requests. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26206.
Read more Security
In OpenShift Container Platform all versions a medium severity vulnerability CVE-2026-7309 was detected. This vulnerability allows attackers with the ‘edit’ ClusterRole to inject arbitrary environment variables, such as LD_PRELOAD or http_proxy, into docker-build containers through the buildconfigs/instantiate API, leading to information disclosure that impacts the confidentiality of build traffic. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7309.
Read more Developer Tools
In Budibase versions prior to 3.35.4 a critical severity vulnerability CVE-2026-41428 was detected. This vulnerability allows attackers to bypass authentication and access any protected endpoint by appending a public endpoint path as a query parameter to the requested URL. To address this issue, users should upgrade Budibase to version 3.35.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41428.
Read more Application Development
In FreeScout versions prior to 1.8.213 a medium severity vulnerability CVE-2026-40565 was detected. This vulnerability allows attackers to inject arbitrary HTML attributes by sending emails with specially crafted plain-text URLs containing unescaped double-quote characters, which are improperly converted into HTML anchor tags. To address this issue, users should upgrade FreeScout to version 1.8.213. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40565.
Read more Customer Service
In Argo Workflows versions 3.6.5 to 4.0.4 a high severity vulnerability CVE-2026-40886 was detected. This vulnerability allows attackers to cause a controller-wide panic and crash the entire controller process by creating a workflow pod with a malformed workflows.argoproj.io/pod-gc-strategy annotation, resulting in a persistent crash loop that halts all workflow processing. To address this issue, users should upgrade Argo Workflows to versions 4.0.5 or 3.7.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40886.
Read more Application Development