Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    10 Jul 2026 DevOps
    Jenkins: Improper Type Restriction in Pipeline: Groovy Plugin

    In Pipeline: Groovy Plugin component for Jenkins versions 4331.v9d06ed4658ff and earlier a medium severity vulnerability CVE-2026-57284 was detected. This vulnerability allows attackers to instantiate restricted types related to job or system configuration. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57284.

    Read more
    Developer Tools
    9 Jul 2026 Data Management and Analytics
    Supabase Capgo: Authorization Bypass Vulnerability

    In Supabase Capgo versions before 12.128.2 a high severity vulnerability CVE-2026-56245 was detected. This vulnerability allows unauthenticated attackers to insert arbitrary build-time records to poison billing and quota data for any organization. To address this issue, users should upgrade Supabase Capgo to version 12.128.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56245.

    Read more
    Data Analytics
    9 Jul 2026 Communication and Collaboration
    ArchiveBox: Stored Cross-Site Scripting (XSS) via wget Extractor

    In ArchiveBox versions up to and including 0.6.2 a medium severity vulnerability CVE-2023-45815 was detected. This vulnerability allows an attacker to execute malicious JavaScript in the context of a user’s session, leading to Stored Cross-Site Scripting (XSS) and potential account takeover. This occurs because ArchiveBox serves archived content from the same host and port as its admin panel, which bypasses standard browser CORS and CSRF protections. If a user utilizes the wget extractor to archive a maliciously crafted page and subsequently views the output, the embedded JavaScript executes. For authenticated administrators, this allows the script to silently perform admin actions, such as adding, modifying, or removing snapshots and users. For unauthenticated users, the script can still read all other archived content. To address this issue, users should upgrade ArchiveBox to version 0.9.0 or later. As a temporary mitigation, administrators can disable the wget extractor by setting SAVE_WGET=False, ensure they are logged out before viewing archives, or serve a static HTML version of the archive. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-45815.

    Read more
    Utility
    9 Jul 2026 Business and Enterprise Solutions
    Dolibarr: Remote Code Execution (RCE) via Computed Field in User Module

    In Dolibarr ERP & CRM versions up to and including 21.0.1 a high severity vulnerability CVE-2025-56588 was detected. This vulnerability allows an authenticated attacker to execute arbitrary code on the underlying server, leading to Remote Code Execution (RCE). This occurs due to insecure processing of the computed field parameter within the User module configuration. By injecting malicious payloads into this configuration field, an attacker can bypass intended restrictions and run arbitrary system commands. To address this issue, users should upgrade Dolibarr ERP & CRM to a patched version version 21.0.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-56588.

    Read more
    ERP
    9 Jul 2026 Business and Enterprise Solutions
    WordPress: AdRotate Banner Manager plugin vulnerable to PHP Code Injection

    In AdRotate Banner Manager plugin for WordPress versions up to and including 5.17.7 a high severity vulnerability CVE-2026-12242 was detected. This vulnerability allows authenticated attackers with at least Contributor-level access to execute arbitrary PHP code. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-12242.

    Read more
    CMS
    9 Jul 2026 Business and Enterprise Solutions
    WordPress (Ultimate Member): Account Takeover Vulnerability

    In Ultimate Member plugin for WordPress versions up to and including 2.11.4 a high severity vulnerability CVE-2026-7761 was detected. This vulnerability allows authenticated attackers with contributor-level access or higher to take over user accounts by disclosing password reset links. To address this issue, users should upgrade Ultimate Member to version 2.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7761.

    Read more
    CMS
    8 Jul 2026 Infrastructure and Network
    Traefik: HTTP/2 Rapid Reset Denial-of-Service

    In Traefik versions before 2.10.5 and 3.0.0-beta4 a high severity vulnerability CVE-2023-54365 was detected. This vulnerability allows a remote attacker to rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability. To address this issue, users should upgrade Traefik to version 2.10.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-54365.

    Read more
    Security
    8 Jul 2026 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting via ProfileGrid pm_author_message parameter

    In WordPress versions up to and including 5.9.9.2 a medium severity vulnerability CVE-2026-4610 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to inject arbitrary web scripts that execute when users view the injected pages. To address this issue, users should upgrade WordPress to version 5.9.9.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4610.

    Read more
    CMS
    8 Jul 2026 Data Management and Analytics
    PostgreSQL: Unauthenticated Denial-of-Service via audit_logs RLS in Supabase PostgREST

    In PostgreSQL versions before 12.128.12 a high severity vulnerability CVE-2026-56248 was detected. This vulnerability allows unauthenticated attackers to trigger a denial-of-service (statement timeouts / PostgREST error 57014) by issuing unfiltered queries to the public.audit_logs endpoint via the Supabase PostgREST API. To address this issue, users should upgrade capgo-backend 12.128.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56248.

    Read more
    Database
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}