In Budibase versions prior to 3.35.4 critical severity vulnerability CVE-2026-41428 was detected. This vulnerability allows attackers to bypass authentication and gain unauthenticated access to protected endpoints by exploiting unanchored regular expressions in the public endpoint matcher via query parameters. To address this issue users must upgrade to 3.35.4 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41428.
Read more Application Development
In GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 a high severity vulnerability CVE-2026-6515 was detected. This vulnerability allows attackers to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions. To address this issue users must upgrade to 18.9.6, 18.10.4, or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-6515.
Read more Developer Tools
In Mattermost Server versions 10.11.x before 10.11.13, 11.3.x before 11.3.3, 11.4.x before 11.4.3, and 11.5.0 high severity vulnerability CVE-2026-28741 was detected. This vulnerability allows attackers to update a user’s authentication method via a CSRF attack by tricking a user into visiting a malicious page. To address this issue users must upgrade to 10.11.13, 11.3.3, 11.4.3, or 11.5.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-28741.
Read more Communication
In GitLab CE/EE versions 18.11 before 18.11.1 medium severity vulnerability CVE-2026-5377 was detected. This vulnerability allows attackers to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process. To address this issue users must upgrade to 18.11.1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5377.
Read more Developer Tools
In GitLab CE/EE versions 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 high severity vulnerability CVE-2026-5262 was detected. This vulnerability allows attackers to access tokens in the Storybook development environment due to improper input validation. To address this issue users must upgrade to 18.9.6, 18.10.4, or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5262.
Read more Developer Tools
In GitLab CE/EE versions 18.10 before 18.10.4 and 18.11 before 18.11.1 high severity vulnerability CVE-2026-5816 was detected. This vulnerability allows attackers to execute arbitrary JavaScript in a user’s browser session due to improper path validation under certain conditions. To address this issue users must upgrade to 18.10.4 or 18.11.1 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5816.
Read more Developer Tools
In Grafana versions 8.0.1 through 12.3.0 a high severity vulnerability CVE-2025-12141 was detected. This vulnerability allows attackers with Editor permissions to edit contact points created by other users and modify endpoint URLs to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services like Slack tokens. To address this issue users must upgrade to version 12.3.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12141.
Read more Data Analytics
In HAProxy versions 2.6 through 3.3.5 a medium severity vulnerability CVE-2026-33555 was detected. This vulnerability allows attackers to cause desynchronization issues with the backend server by exploiting a flaw in the HTTP/3 parser, which fails to verify that the received body length matches the announced Content-Length when a stream is closed via an empty payload frame. This can be exploited for request smuggling, potentially leading to unauthorized access or cache poisoning. To address this issue users must upgrade to version 3.3.6 or other patched stable releases (2.6.25, 3.0.19, 3.2.15). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33555.
Read more Application Development
In Apache Kafka versions 4.1.0 and 4.1.1 a critical severity vulnerability CVE-2026-33557 was detected. This vulnerability allows attackers to bypass authentication and impersonate any user by providing an unvalidated JWT token, as the default validator fails to check signatures, issuers, or audiences. To address this issue users must upgrade to version 4.1.2, 4.2.0, or later, or explicitly set the validator class to BrokerJwtValidator. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33557.
Read more Data Analytics