A high-severity vulnerability, CVE-2026-3524, was detected in Mattermost Plugin Legal Hold versions <=1.4.1. It allows authenticated attackers to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints, because request processing is not halted after a failed authorization check. To address this issue, users must upgrade to version 1.1.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3524.
A high-severity vulnerability, CVE-2026-39414, was detected in MinIO versions from RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z. It allows authenticated attackers to cause an out-of-memory (OOM) crash and denial of service by uploading specially crafted CSV files without newline characters, which triggers unlimited memory allocation during S3 Select processing. To address this issue, users must upgrade to MinIO AIStor version RELEASE.2025-12-20T04-58-37Z. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-39414.
A medium-severity vulnerability, CVE-2026-3438, was detected in Sonatype Nexus Repository versions 3.0.0 through 3.90.2. It allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim’s browser through a specially crafted URL on describe pages; user interaction is required. To address this issue, users must upgrade to version 3.91.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3438.
A critical-severity vulnerability, CVE-2026-3199, was detected in Sonatype Nexus Repository versions 3.22.1 through 3.90.2. It allows authenticated attackers with task creation permissions to execute arbitrary code by bypassing the nexus.scripts.allowCreation security control via task property injection. To address this issue, users must upgrade to version 3.91.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3199.
A high-severity vulnerability, CVE-2026-35030, was detected in LiteLLM versions prior to 1.83.0. It allows attackers to bypass authentication via an OIDC userinfo cache key collision by crafting a token whose first 20 characters match a legitimate user’s cached token. To address this issue, users must upgrade to version 1.83.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35030.
A critical-severity vulnerability, CVE-2026-35029, was detected in LiteLLM versions prior to 1.83.0. It allows attackers to use the /config/update endpoint to modify proxy configurations, achieve remote code execution through custom handlers, read arbitrary server files, and take over privileged accounts by overwriting environment variables. To address this issue, users must upgrade to version 1.83.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35029.
A high-severity vulnerability, CVE-2026-33466, was detected in Logstash versions 8.0.0 – 8.19.13, 9.0.0 – 9.2.7, and 9.3.0 – 9.3.2. It allows attackers to write arbitrary files to the host filesystem and potentially achieve remote code execution via relative path traversal by serving a specially crafted compressed archive through a compromised update endpoint. To address this issue, users must upgrade to version 8.19.14, 9.2.8, or 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33466.
A high-severity vulnerability, CVE-2026-35549, was detected in MariaDB Server versions prior to 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. It allows attackers to crash the server using a large packet when the caching_sha2_password authentication plugin is in use. To address this issue, users must upgrade to version 11.4.10, 11.8.6, or 12.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35549.
A medium-severity vulnerability, CVE-2026-24661, was detected in Mattermost Plugins versions <=2.1.3.0. It allows attackers to cause memory exhaustion and denial of service by sending an oversized JSON payload to the /changes webhook endpoint. To address this issue, users must upgrade to version 2.3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24661.