Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    12 May 2026 Communication and Collaboration
    EGroupware: CSRF Vulnerabilities Leading to Admin Hijacking and Potential RCE

    In EGroupware Enterprise Line (EPL) versions before 1.1.20140505, Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta a medium severity vulnerability CVE-2014-2987 was detected. This vulnerability allows remote attackers to hijack the authentication of administrators via multiple cross-site request forgery (CSRF) vectors. This enables attackers to create an administrator user or modify settings, which can be leveraged to execute arbitrary PHP code in conjunction with CVE-2014-2988. To address this issue, users should upgrade to versions 1.1.20140505 (EPL), 1.8.007.20140506 (Community Edition), or 14.1 beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-2987.

    Read more
    Communication
    12 May 2026 DevOps
    Drupal: Denial of Service in Transliterate Mechanism via Crafted URL

    In Drupal versions 8.x before 8.2.3 a medium severity vulnerability CVE-2016-9452 was detected. This vulnerability allows remote attackers to cause a denial of service (DoS) by sending a specially crafted URL that exploits the transliterate mechanism. To address this issue, users should upgrade Drupal to version 8.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-9452.

    Read more
    Application Development
    12 May 2026 Business and Enterprise Solutions
    Dolibarr: Multiple XSS Vulnerabilities via User Profile Parameters

    In Dolibarr ERP/CRM version 3.8.3 a low severity vulnerability CVE-2016-1912 was detected. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the lastname, firstname, email, job, or signature parameters to htdocs/user/card.php, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade Dolibarr ERP/CRM to versions 3.8.3 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-1912.

    Read more
    ERP
    12 May 2026 Data Management and Analytics
    Grafana: Authorization Bypass via TOCTOU in Datasource Deletion

    In Grafana versions prior to 12.4.1 a low severity vulnerability CVE-2026-21725 was detected. This vulnerability allows an attacker to bypass authorization and delete a recently recreated data source without permission due to a time-of-check to time-of-use (TOCTOU) race condition. The exploit requires highly stringent conditions, including prior admin access to the originally deleted data source, the new data source having the exact same UID, and the attack occurring on the same pod within a narrow 30-second window. To address this issue, users should upgrade Grafana to versions 13.0.0 and above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21725.

    Read more
    Data Analytics
    12 May 2026 DevOps
    GitLab Enterprise Edition (EE): Cross-Site Scripting (XSS)

    In GitLab Enterprise Edition (EE) versions 6.6.0 before 6.6.2 a medium severity vulnerability CVE-2014-3456 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade GitLab Enterprise Edition (EE) to version 6.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-3456.

    Read more
    Developer Tools
    11 May 2026 Infrastructure and Network
    FreeIPA: Remote Disclosure of Cross-Realm Kerberos Trust Keys

    In FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.

    Read more
    Security
    11 May 2026 DevOps
    Django: Sensitive Information Disclosure via Malicious Settings Key

    In Django versions 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 a medium severity vulnerability CVE-2015-8213 was detected. This vulnerability allows remote attackers to obtain sensitive application secrets (such as the SECRET_KEY) by providing a settings key in place of a date/time format setting to the get_format function in utils/formats.py. To address this issue, users should upgrade Django to versions 1.7.11, 1.8.7, or 1.9rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-8213.

    Read more
    Application Development
    11 May 2026 DevOps
    Drupal: Form API Access Restriction Bypass

    In Drupal versions 6.x before 6.38 a medium severity vulnerability CVE-2016-3165 was detected. This vulnerability allows remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has the “#access” attribute set to FALSE in the server-side form definition, as the Form API ignores these restrictions on submit buttons. To address this issue, users should upgrade Drupal to version 6.38. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-3165.

    Read more
    Application Development
    11 May 2026 DevOps
    Budibase: Account Takeover via Insecure Auth Cookie Attributes

    In Budibase versions prior to 3.35.10 a high severity vulnerability CVE-2026-42239 was detected. This vulnerability allows attackers to steal JWT session tokens and achieve full account takeover if a Cross-Site Scripting (XSS) vulnerability is present, because the budibase:auth session cookie is set without the httpOnly, secure, and sameSite attributes. To address this issue, users should upgrade Budibase to version 3.35.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42239.

    Read more
    Application Development
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}