In Joomla! versions before 3.8.2 a high severity vulnerability CVE-2017-16634 was detected. This vulnerability allows third parties to bypass a user’s two-factor authentication (2FA) method, potentially leading to unauthorized account access. To address this issue, users should upgrade Joomla! to version 3.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-16634.
Read more CMSIn Harbor versions through 1.3.0-rc4 a medium severity vulnerability CVE-2017-17697 was detected. This vulnerability allows an attacker to conduct Server-Side Request Forgery (SSRF) attacks via the endpoint parameter to the /api/targets/ping endpoint. This occurs due to a flaw in the Ping() function in the ui/api/target.go file. To address this issue, users should upgrade Harbor to version 1.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17697.
Read more Developer ToolsIn CKAN versions prior to 2.10.10 and 2.11.5 a critical severity vulnerability CVE-2026-42031 was detected. This vulnerability allows unauthenticated attackers to inject SQL in order to gain access to private resources and PostgreSQL system information due to a flaw in the datastore_search_sql function. To address this issue, users should upgrade CKAN to versions 2.10.10 or 2.11.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42031.
Read more Data AnalyticsIn Changedetection versions 0.54.9 and earlier a high severity vulnerability CVE-2026-41895 was detected. This vulnerability allows attackers to exploit an XML External Entity (XXE) flaw, potentially leading to sensitive information disclosure or Server-Side Request Forgery (SSRF). This occurs because the xpath_filter() function switches to XML mode for XML/RSS content and uses etree. XMLParser without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup before parsing untrusted XML bytes. To address this issue, users should upgrade Changedetection to version 0.54.10 and newer. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41895.
Read more MonitoringIn Discourse versions prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 a medium severity vulnerability CVE-2026-33514 was detected. This vulnerability allows an authenticated user to read the name and structured content of form templates intended exclusively for categories they are not authorized to access. This occurs due to missing authorization checks when the form templates feature is enabled, leading to the disclosure of site configuration metadata. To address this issue, users should upgrade Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33514.
Read more CommunicationIn Dolibarr ERP/CRM version 6.0.0 a medium severity vulnerability CVE-2017-14240 was detected. This vulnerability allows attackers to access sensitive information due to a flaw in the document.php file via the file parameter. To address this issue, users should upgrade Dolibarr ERP/CRM to version 6.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-14240.
Read more ERPIn GitLab CE/EE versions 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 a medium severity vulnerability CVE-2026-8280 was detected. This vulnerability allows an authenticated user to cause a denial of service (DoS) through excessive memory consumption due to improper input validation. To address this issue, users should upgrade GitLab CE/EE to versions 18.9.7, 18.10.6, or 18.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8280.
Read more Developer ToolsIn Argo Workflows versions 4.0.0 to before 4.0.5 a high severity vulnerability CVE-2026-42297 was detected. This vulnerability allows any authenticated user, including those using fake Bearer tokens, to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This occurs due to a complete lack of authorization checks on CRUD operations in the Sync Service’s ConfigMap-backed provider. To address this issue, users should upgrade Argo Workflows to version 4.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42297.
Read more Application DevelopmentIn Ansible versions before 1.6.6 a medium severity vulnerability CVE-2014-3498 was detected. This vulnerability allows remote authenticated users to execute arbitrary commands due to a flaw in the user module. To address this issue, users should upgrade Ansible to version 1.6.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-3498.
Read more IT Business Management