In Budibase versions prior to 3.33.4, a critical severity vulnerability, CVE-2026-35216, was detected. This vulnerability allows unauthenticated attackers to achieve remote code execution (RCE) by triggering automations that contain a Bash step through a public webhook endpoint, with the commands executed as root inside the container. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35216.
In Budibase versions prior to 3.33.4, a critical severity vulnerability, CVE-2026-31818, was detected. This vulnerability allows attackers to perform server-side request forgery (SSRF) because the REST datasource connector's IP blacklist is not enforced when the BLACKLIST_IPS environment variable is unset, allowing unrestricted outbound requests. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-31818.
In Budibase versions prior to 3.33.4, a high severity vulnerability, CVE-2026-35214, was detected. This vulnerability allows attackers with Global Builder privileges to perform path traversal via the plugin file upload endpoint, enabling arbitrary directory deletion and file writes by supplying crafted filenames that contain traversal sequences. To address this issue, users should upgrade Budibase to version 3.33.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35214.
In Alerta versions prior to 9.1.0, a medium severity vulnerability, CVE-2026-34400, was detected. This vulnerability allows attackers to perform SQL injection via the query string search API (q=) because user-supplied input is interpolated unsafely into SQL statements. To address this issue, users should upgrade Alerta to version 9.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34400.
In changedetection.io versions prior to 0.54.7, a medium severity vulnerability, CVE-2026-33981, was detected. This vulnerability allows attackers to disclose sensitive environment variables by exploiting the jq: and jqraw: include filters, which permit use of the jq env builtin to read and expose the process's environment variables. To address this issue, users should upgrade changedetection.io to version 0.54.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33981.
In Discourse versions from 2026.1.0-latest before 2026.1.3, from 2026.2.0-latest before 2026.2.2, and from 2026.3.0-latest before 2026.3.0, a medium severity vulnerability, CVE-2026-33415, was detected. This vulnerability allows authenticated moderator-level users to access post content, topic titles, and usernames from categories they are not authorized to view, due to improper access control in a sentiment analytics endpoint. To address this issue, users should upgrade Discourse to version 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33415.
In Discourse versions from 2026.1.0-latest before 2026.1.3, from 2026.2.0-latest before 2026.2.2, and from 2026.3.0-latest before 2026.3.0, a medium severity vulnerability, CVE-2026-33300, was detected. This vulnerability allows moderators to access hidden group names and user count metadata via the category-chatables endpoint, due to an authorization bypass in the controller's show action. To address this issue, users should upgrade Discourse to version 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33300.
In Discourse versions from 2026.1.0-latest before 2026.1.3, from 2026.2.0-latest before 2026.2.2, and from 2026.3.0-latest before 2026.3.0, a medium severity vulnerability, CVE-2026-33185, was detected. This vulnerability allows attackers to perform server-side request forgery (SSRF) by abusing the group email settings test endpoint to initiate outbound connections to arbitrary hosts and ports, potentially enabling internal network probing. To address this issue, users should upgrade Discourse to version 2026.1.3, 2026.2.2, or 2026.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33185.
In GitLab, all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, a high severity vulnerability, CVE-2026-2370, was detected. An improper authorization check in Jira Connect installations could allow an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the application. To address this issue, users should update GitLab to version 18.8.7, 18.9.3, or 18.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2370.