In all versions of OpenShift Container Platform, a medium-severity vulnerability, CVE-2026-7309, was detected. This vulnerability allows attackers with the ‘edit’ ClusterRole to inject arbitrary environment variables, such as LD_PRELOAD or http_proxy, into docker-build containers through the buildconfigs/instantiate API, leading to information disclosure that impacts the confidentiality of build traffic. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7309.
In Budibase versions prior to 3.35.4, a critical-severity vulnerability, CVE-2026-41428, was detected. This vulnerability allows attackers to bypass authentication and access any protected endpoint by appending a public endpoint path as a query parameter to the requested URL. To address this issue, users should upgrade Budibase to version 3.35.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41428.
In FreeScout versions prior to 1.8.213, a medium-severity vulnerability, CVE-2026-40565, was detected. This vulnerability allows attackers to inject arbitrary HTML attributes by sending emails with specially crafted plain-text URLs containing unescaped double-quote characters, which are improperly converted into HTML anchor tags. To address this issue, users should upgrade FreeScout to version 1.8.213. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40565.
In Argo Workflows versions 3.6.5 to 4.0.4, a high-severity vulnerability, CVE-2026-40886, was detected. This vulnerability allows attackers to cause a controller-wide panic and crash the entire controller process by creating a workflow pod with a malformed workflows.argoproj.io/pod-gc-strategy annotation, resulting in a persistent crash loop that halts all workflow processing. To address this issue, users should upgrade Argo Workflows to versions 4.0.5 or 3.7.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40886.
In FreeScout versions prior to 1.8.213, a critical-severity vulnerability, CVE-2026-40498, was detected. This vulnerability allows unauthenticated attackers to access restricted diagnostic and system tools using an exposed static MD5 hash, leading to sensitive information disclosure (such as full path and process IDs) and resource exhaustion (DoS) through the repeated triggering of background tasks. To address this issue, users should upgrade FreeScout to version 1.8.213. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40498.
In Apache Airflow versions prior to 3.2.1, a medium-severity vulnerability, CVE-2026-40690, was detected. This vulnerability allows attackers to bypass DAG-level access control via the asset graph view, enabling unauthorized users to view unrelated topologies, asset names, and the existence of DAGs outside their authorized scope. To address this issue, users must upgrade to version 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40690.
In GitLab CE/EE versions from 18.11 before 18.11.1, a low-severity vulnerability, CVE-2026-3254, was detected. This vulnerability allows attackers to load unauthorized content into another user’s browser due to improper input validation in the Mermaid sandbox. To address this issue, users must upgrade to version 18.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3254.
In Apache Airflow versions prior to 3.2.1, a medium-severity vulnerability, CVE-2026-38743, was detected. This vulnerability allows attackers to retrieve Human-in-the-Loop (HITL) prompts and TaskInstance details for DAGs outside their authorized scope by exploiting a lack of per-DAG access control on the authenticated /ui/dags endpoint. To address this issue, users must upgrade to version 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-38743.
In GitLab CE/EE versions 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1, a medium-severity vulnerability, CVE-2026-1660, was detected. This vulnerability allows attackers to cause a denial of service when importing issues due to improper input validation and the allocation of resources without limits or throttling. To address this issue, users must upgrade to version 18.9.6, 18.10.4, or 18.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1660.