In EGroupware Enterprise Line (EPL) versions before 1.1.20140505, Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta a medium severity vulnerability CVE-2014-2987 was detected. This vulnerability allows remote attackers to hijack the authentication of administrators via multiple cross-site request forgery (CSRF) vectors. This enables attackers to create an administrator user or modify settings, which can be leveraged to execute arbitrary PHP code in conjunction with CVE-2014-2988. To address this issue, users should upgrade to versions 1.1.20140505 (EPL), 1.8.007.20140506 (Community Edition), or 14.1 beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-2987.
Read more CommunicationIn Drupal versions 8.x before 8.2.3 a medium severity vulnerability CVE-2016-9452 was detected. This vulnerability allows remote attackers to cause a denial of service (DoS) by sending a specially crafted URL that exploits the transliterate mechanism. To address this issue, users should upgrade Drupal to version 8.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-9452.
Read more Application DevelopmentIn Dolibarr ERP/CRM version 3.8.3 a low severity vulnerability CVE-2016-1912 was detected. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the lastname, firstname, email, job, or signature parameters to htdocs/user/card.php, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade Dolibarr ERP/CRM to versions 3.8.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-1912.
Read more ERPIn Grafana versions prior to 12.4.1 a low severity vulnerability CVE-2026-21725 was detected. This vulnerability allows an attacker to bypass authorization and delete a recently recreated data source without permission due to a time-of-check to time-of-use (TOCTOU) race condition. The exploit requires highly stringent conditions, including prior admin access to the originally deleted data source, the new data source having the exact same UID, and the attack occurring on the same pod within a narrow 30-second window. To address this issue, users should upgrade Grafana to versions 13.0.0 and above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21725.
Read more Data AnalyticsIn GitLab Enterprise Edition (EE) versions 6.6.0 before 6.6.2 a medium severity vulnerability CVE-2014-3456 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade GitLab Enterprise Edition (EE) to version 6.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-3456.
Read more Developer ToolsIn FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.
Read more SecurityIn Django versions 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 a medium severity vulnerability CVE-2015-8213 was detected. This vulnerability allows remote attackers to obtain sensitive application secrets (such as the SECRET_KEY) by providing a settings key in place of a date/time format setting to the get_format function in utils/formats.py. To address this issue, users should upgrade Django to versions 1.7.11, 1.8.7, or 1.9rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-8213.
Read more Application DevelopmentIn Drupal versions 6.x before 6.38 a medium severity vulnerability CVE-2016-3165 was detected. This vulnerability allows remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has the “#access” attribute set to FALSE in the server-side form definition, as the Form API ignores these restrictions on submit buttons. To address this issue, users should upgrade Drupal to version 6.38. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-3165.
Read more Application DevelopmentIn Budibase versions prior to 3.35.10 a high severity vulnerability CVE-2026-42239 was detected. This vulnerability allows attackers to steal JWT session tokens and achieve full account takeover if a Cross-Site Scripting (XSS) vulnerability is present, because the budibase:auth session cookie is set without the httpOnly, secure, and sameSite attributes. To address this issue, users should upgrade Budibase to version 3.35.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42239.
Read more Application Development