In Dolibarr ERP/CRM versions prior to 23.0.2 a high vulnerability CVE-2026-22666 allows authenticated administrators to achieve remote code execution through the dol_eval_standard() function. The function fails to properly enforce forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax, allowing attackers to inject malicious payloads via computed extrafields or other evaluation paths. To address this issue, users should upgrade Dolibarr to version 23.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22666.
Read more ERP
In GitLab CE/EE versions 16.9.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2026-5173 was detected. This vulnerability allows authenticated users to invoke unintended server-side methods through WebSocket connections due to improper access control. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5173.
Read more Developer Tools
In Budibase versions prior to 3.33.4 a high severity vulnerability CVE-2026-25044 was detected. This vulnerability allows attackers to execute arbitrary commands by injecting malicious input into the Bash automation step, which uses execSync without proper sanitization and processes user input through template interpolation. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25044.
Read more Application Development
In Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a low severity vulnerability CVE-2026-34947 was detected. This vulnerability allows attackers to access staged user custom fields and usernames on public invite pages without email verification, leading to unintended information disclosure. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2 , or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34947.
Read more Communication
In Discourse versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 a medium severity vulnerability CVE-2026-27481 was detected. This vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and associated data due to an authorization bypass in tag routes. To address this issue, users should upgrade Discourse to versions 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27481.
Read more Communication
In Django versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30 a high severity vulnerability CVE-2026-33034 was detected. This vulnerability allows attackers to cause denial of service (DoS) by sending ASGI requests with missing or understated Content-Length headers, bypassing the DATA_UPLOAD_MAX_MEMORY_SIZE limit and forcing the server to load unbounded request bodies into memory. To address this issue, users should upgrade Django to versions 6.0.4, 5.2.13, or 4.2.30. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33034.
Read more Application Development
In Django versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30 a medium severity vulnerability CVE-2026-33033 was detected. This vulnerability allows attackers to degrade server performance and cause denial of service (DoS) by sending multipart uploads with Content-Transfer-Encoding: base64 containing excessive whitespace, exploiting inefficiencies in the MultiPartParser. To address this issue, users should upgrade Django to versions 6.0.4, 5.2.13, or 4.2.30. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33033.
Read more Application Development
In BookStack versions up to 26.03 a medium severity vulnerability CVE-2026-5484 was detected. This vulnerability allows attackers to exploit improper access controls in the chapterToMarkdown function of the Chapter Export Handler by manipulating the pagesargument, potentially enabling unauthorized data access. To address this issue, users should upgrade BookStack to version 26.03.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5484.
Read more CMS
In Budibase versions prior to 3.32.5 a high severity vulnerability CVE-2026-35218 was detected. This vulnerability allows authenticated users with Builder access to execute stored cross-site scripting (XSS) by injecting malicious HTML into entity names, which are rendered without sanitization in the Builder Command Palette using the {@html} directive. This can lead to session hijacking and potential account takeover. To address this issue, users should upgrade Budibase to version 3.32.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35218.
Read more Application Development