Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    21 May 2026 Communication and Collaboration
    Discourse: Subscription Access Bypass in discourse-subscriptions Plugin

    In Discourse versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 a low severity vulnerability CVE-2026-34154 was detected. This vulnerability allows users to bypass subscription access controls and gain unauthorized access to subscription-gated groups without completing payment. This occurs due to a flaw in the discourse-subscriptions plugin. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34154.

    Read more
    Communication
    21 May 2026 DevOps
    etcd: RBAC Authorization Bypass via PrevKv in Transactions

    In etcd versions prior to 3.4.44, 3.5.30, and 3.6.11 a medium severity vulnerability CVE-2026-44283 was detected. This vulnerability allows an authenticated user without sufficient read or lease-related permissions to access unauthorized data or attach leases. This occurs because read access via PrevKv or lease attachments in Put requests within transaction operations can bypass RBAC authorization checks. To address this issue, users should upgrade etcd to versions 3.4.44, 3.5.30, or 3.6.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44283.

    Read more
    Developer Tools
    21 May 2026 Infrastructure and Network
    authentik: Authentication Bypass via SAML NameID XML Comment Injection

    In authentik versions 2025.12.4 and prior, and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40165 was detected. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to other user accounts. This occurs because an attacker can inject an XML comment into the SAML NameID value, causing authentik to truncate the identifier to the portion before the comment. The issue can be exploited if the attacker has an account on a SAML Source with XML Signing enabled and the ability to modify their NameID value. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40165.

    Read more
    Security
    20 May 2026 DevOps
    Jenkins: World-Readable Secrets Exposure in Rekey Admin Monitor Backup

    In Jenkins version 1.498 a medium severity vulnerability CVE-2017-1000362 was detected. This vulnerability allows attackers with local filesystem access to expose sensitive information because the re-key admin monitor created a world-readable backup directory containing all old secrets and their encryption key. These backups were not automatically removed. There’s no fix available for this issue at the moment. Additionally, administrators are advised to manually check and delete the $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups directory if present. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-1000362.

    Read more
    Developer Tools
    20 May 2026 DevOps
    GitLab EE: Internal Host Requests via Virtual Registry Upstream

    In GitLab EE versions 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 a low severity vulnerability CVE-2026-7471 was detected. This vulnerability allows an authenticated user with control of a virtual registry upstream to make unauthorized requests to internal hosts, potentially leading to Server-Side Request Forgery (SSRF). This occurs due to improper validation of the upstream requests. To address this issue, users should upgrade GitLab EE to versions 18.9.7, 18.10.6, or 18.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7471.

    Read more
    Developer Tools
    20 May 2026 Business and Enterprise Solutions
    Joomla!: Two-Factor Authentication (2FA) Bypass

    In Joomla! versions before 3.8.2 a high severity vulnerability CVE-2017-16634 was detected. This vulnerability allows third parties to bypass a user’s two-factor authentication (2FA) method, potentially leading to unauthorized account access. To address this issue, users should upgrade Joomla! to version 3.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-16634.

    Read more
    CMS
    20 May 2026 DevOps
    Harbor: SSRF in Ping() Function via /api/targets/ping Endpoint

    In Harbor versions through 1.3.0-rc4 a medium severity vulnerability CVE-2017-17697 was detected. This vulnerability allows an attacker to conduct Server-Side Request Forgery (SSRF) attacks via the endpoint parameter to the /api/targets/ping endpoint. This occurs due to a flaw in the Ping() function in the ui/api/target.go file. To address this issue, users should upgrade Harbor to version 1.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17697.

    Read more
    Developer Tools
    19 May 2026 DevOps
    Changedetection: XML External Entity (XXE) Injection via xpath_filter()

    In Changedetection versions 0.54.9 and earlier a high severity vulnerability CVE-2026-41895 was detected. This vulnerability allows attackers to exploit an XML External Entity (XXE) flaw, potentially leading to sensitive information disclosure or Server-Side Request Forgery (SSRF). This occurs because the xpath_filter() function switches to XML mode for XML/RSS content and uses etree. XMLParser without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup before parsing untrusted XML bytes. To address this issue, users should upgrade Changedetection to version 0.54.10 and newer. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41895.

    Read more
    Monitoring
    19 May 2026 Communication and Collaboration
    Discourse: Information Disclosure in Form Template API Due to Missing Authorization

    In Discourse versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 a medium severity vulnerability CVE-2026-33514 was detected. This vulnerability allows an authenticated user to read the name and structured content of form templates intended exclusively for categories they are not authorized to access. This occurs due to missing authorization checks when the form templates feature is enabled, leading to the disclosure of site configuration metadata. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33514.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}