In Dolibarr ERP/CRM versions before 5.0.3 a high severity vulnerability CVE-2017-9435 was detected. This vulnerability allows attackers to execute arbitrary SQL commands due to a SQL injection flaw in the search_supervisor and search_statut parameters within the user/index.php file. To address this issue, users should upgrade Dolibarr ERP/CRM to version 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-9435.
Read more ERPIn Etherpad versions before 1.6.1 a medium severity vulnerability CVE-2015-4085 was detected. This vulnerability allows attackers to access arbitrary files via a directory traversal flaw in the node/hooks/express/tests.js file within the frontend tests component. To address this issue, users should upgrade Etherpad to version 1.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-4085.
Read more CommunicationIn Ansible versions 2.3.x before 2.3.3 and 2.4.x before 2.4.1 a medium severity vulnerability CVE-2017-7550 was detected. This vulnerability allows remote attackers to expose sensitive information, such as passwords, from a remote host’s logs due to a flaw in how parameters are passed to the jenkins_plugin module’s “params” argument. To address this issue, users should upgrade Ansible to versions 2.3.3 or 2.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7550.
Read more IT Business ManagementIn Django versions 1.10.x before 1.10.8 and 1.11.x before 1.11.5 a medium severity vulnerability CVE-2017-12794 was detected. This vulnerability allows an attacker to execute a cross-site scripting (XSS) attack because HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. This typically affects environments where “DEBUG = True” is enabled. To address this issue, users should upgrade Django to versions 1.10.8 or 1.11.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-12794.
Read more Application DevelopmentIn Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta a high severity vulnerability CVE-2014-8681 was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues due to a SQL injection flaw in the GetIssues function in models/issue.go. To address this issue, users should upgrade Gogs to version 0.5.6.1025 Beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-8681.
Read more Developer ToolsIn GitLab versions 9.4.x before 9.4.2 a medium severity vulnerability CVE-2017-17716 was detected. This vulnerability allows attackers to potentially intercept LDAP credentials or perform Man-in-the-Middle (MitM) attacks because the application does not support LDAP SSL certificate verification. This occurred because code related to the verify_certificates LDAP option was not merged. To address this issue, users should upgrade GitLab to version 9.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17716.
Read more Developer ToolsIn Foreman versions since 1.5 a medium severity vulnerability CVE-2017-7505 was detected. This vulnerability allows users with user management permissions assigned to specific organizations to perform unauthorized operations on all administrator user objects outside of their scope, such as editing global admin accounts and changing their passwords, due to an incorrect authorization check. To address this issue, users should upgrade Foreman to version 1.15.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7505.
Read more IT Business ManagementIn Django versions 6.0 before 6.0.5 and 5.2 before 5.2.14 a medium severity vulnerability CVE-2026-35192 was detected. This vulnerability allows a remote attacker to steal a user’s session after that user visits a cached public page due to session fixation. This occurs because response headers do not vary on cookies if a session is not modified, provided that SESSION_SAVE_EVERY_REQUEST is set to True. To address this issue, users should upgrade Django to versions 6.0.5 or 5.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35192.
Read more Application DevelopmentIn ArchiveBox versions 0.8.6rc0 and prior a critical severity vulnerability CVE-2026-42601 was detected. This vulnerability allows attackers to achieve Remote Code Execution (RCE) by injecting arbitrary tool arguments. This occurs because the /add/ endpoint accepts a config JSON field that is merged into the crawl configuration without validation and exported as environment variables when archive plugins run. At the time of publication, there are no publicly available patches; users should monitor for updates or apply appropriate mitigations. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42601.
Read more Utility