In Pipeline: Groovy Plugin component for Jenkins versions 4331.v9d06ed4658ff and earlier a medium severity vulnerability CVE-2026-57284 was detected. This vulnerability allows attackers to instantiate restricted types related to job or system configuration. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57284.
Read more Developer ToolsIn Supabase Capgo versions before 12.128.2 a high severity vulnerability CVE-2026-56245 was detected. This vulnerability allows unauthenticated attackers to insert arbitrary build-time records to poison billing and quota data for any organization. To address this issue, users should upgrade Supabase Capgo to version 12.128.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56245.
Read more Data AnalyticsIn ArchiveBox versions up to and including 0.6.2 a medium severity vulnerability CVE-2023-45815 was detected. This vulnerability allows an attacker to execute malicious JavaScript in the context of a user’s session, leading to Stored Cross-Site Scripting (XSS) and potential account takeover. This occurs because ArchiveBox serves archived content from the same host and port as its admin panel, which bypasses standard browser CORS and CSRF protections. If a user utilizes the wget extractor to archive a maliciously crafted page and subsequently views the output, the embedded JavaScript executes. For authenticated administrators, this allows the script to silently perform admin actions, such as adding, modifying, or removing snapshots and users. For unauthenticated users, the script can still read all other archived content. To address this issue, users should upgrade ArchiveBox to version 0.9.0 or later. As a temporary mitigation, administrators can disable the wget extractor by setting SAVE_WGET=False, ensure they are logged out before viewing archives, or serve a static HTML version of the archive. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-45815.
In Dolibarr ERP & CRM versions up to and including 21.0.1 a high severity vulnerability CVE-2025-56588 was detected. This vulnerability allows an authenticated attacker to execute arbitrary code on the underlying server, leading to Remote Code Execution (RCE). This occurs due to insecure processing of the computed field parameter within the User module configuration. By injecting malicious payloads into this configuration field, an attacker can bypass intended restrictions and run arbitrary system commands. To address this issue, users should upgrade Dolibarr ERP & CRM to a patched version version 21.0.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-56588.
Read more ERPIn AdRotate Banner Manager plugin for WordPress versions up to and including 5.17.7 a high severity vulnerability CVE-2026-12242 was detected. This vulnerability allows authenticated attackers with at least Contributor-level access to execute arbitrary PHP code. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-12242.
Read more CMSIn Ultimate Member plugin for WordPress versions up to and including 2.11.4 a high severity vulnerability CVE-2026-7761 was detected. This vulnerability allows authenticated attackers with contributor-level access or higher to take over user accounts by disclosing password reset links. To address this issue, users should upgrade Ultimate Member to version 2.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7761.
Read more CMSIn Traefik versions before 2.10.5 and 3.0.0-beta4 a high severity vulnerability CVE-2023-54365 was detected. This vulnerability allows a remote attacker to rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability. To address this issue, users should upgrade Traefik to version 2.10.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-54365.
Read more SecurityIn WordPress versions up to and including 5.9.9.2 a medium severity vulnerability CVE-2026-4610 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to inject arbitrary web scripts that execute when users view the injected pages. To address this issue, users should upgrade WordPress to version 5.9.9.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4610.
Read more CMSIn PostgreSQL versions before 12.128.12 a high severity vulnerability CVE-2026-56248 was detected. This vulnerability allows unauthenticated attackers to trigger a denial-of-service (statement timeouts / PostgREST error 57014) by issuing unfiltered queries to the public.audit_logs endpoint via the Supabase PostgREST API. To address this issue, users should upgrade capgo-backend 12.128.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56248.
Read more Database