In CKAN versions prior to 2.10.10 and 2.11.5 a critical severity vulnerability CVE-2026-42032 was detected. This vulnerability allows unauthenticated attackers to bypass authorization and gain unauthorized access to private resources and PostgreSQL system information due to a flaw in the datastore_search_sql function. To address this issue, users should upgrade CKAN to versions 2.10.10 or 2.11.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42032.
Read more Data AnalyticsIn Django versions 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 a medium severity vulnerability CVE-2017-7233 was detected. This vulnerability allows an attacker to conduct open redirect and Cross-Site Scripting (XSS) attacks. This occurs because the django.utils.http.is_safe_url() function incorrectly considers some numeric URLs as safe, potentially leading to unsafe redirects or XSS if developers place these URLs into links. To address this issue, users should upgrade Django to versions 1.10.7, 1.9.13, or 1.8.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7233.
Read more Application DevelopmentIn Drupal versions 8.x before 8.2.8 and 8.3.x before 8.3.1 a medium severity vulnerability CVE-2017-6919 was detected. This vulnerability allows authenticated users to bypass critical access restrictions if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. To address this issue, users should upgrade Drupal to versions 8.2.8 or 8.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-6919.
Read more Application DevelopmentIn Argo Workflows versions prior to 3.7.14 and 4.0.5 a high severity vulnerability CVE-2026-42294 was detected. This vulnerability allows an unauthenticated attacker to cause an Out-Of-Memory (OOM) crash and denial of service (DoS) by sending an extremely large request body to the /api/v1/events/ endpoint. This occurs because the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. To address this issue, users should upgrade Argo Workflows to versions 3.7.14 or 4.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42294.
Read more Application DevelopmentIn Ansible versions before 1.9.2 a high severity vulnerability CVE-2015-6240 was detected. This vulnerability allows local users to escape a restricted environment (such as a chroot, jail, or zone) via a symlink attack targeting the chroot, jail, and zone connection plugins. To address this issue, users should upgrade Ansible to version 1.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-6240.
Read more IT Business ManagementIn GitLab CE/EE versions 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 a medium severity vulnerability CVE-2026-8144 was detected. This vulnerability allows an authenticated user with project membership to enumerate private group members due to missing authorization checks. To address this issue, users should upgrade GitLab CE/EE to versions 18.9.7, 18.10.6, or 18.11.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8144.
Read more Developer ToolsIn Jenkins versions through 2.93 a low severity vulnerability CVE-2017-17383 was detected. This vulnerability allows remote authenticated administrators to conduct Cross-Site Scripting (XSS) attacks by injecting a specially crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin. To address this issue, users should upgrade Jenkins to version 2.94. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17383.
Read more Developer ToolsIn Drupal versions before 8.2.2 a medium severity vulnerability CVE-2017-6381 was detected. This vulnerability allows attackers to achieve remote code execution due to a flaw in a 3rd party development library (PHPUnit) included with Drupal 8 development dependencies. While mitigated by default .htaccess protections against PHP execution and the fact that development dependencies are not normally installed in production, users can further protect themselves by removing the vendor/phpunit directory. To address this issue, users should upgrade Drupal to version 8.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-6381.
Read more Application DevelopmentIn Fluentd versions 0.12.29 through 0.12.40 a high severity vulnerability CVE-2017-10906 was detected. This vulnerability allows an attacker to change the terminal UI or execute arbitrary commands on the device via an escape sequence injection through unspecified vectors. To address this issue, users should upgrade Fluentd to version 0.12.41 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-10906.
Read more Data Analytics