In Argo CD versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9 a critical severity vulnerability CVE-2026-42880 was detected. This vulnerability allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server’s Server-Side Apply dry-run mechanism due to a missing authorization and data-masking gap in Argo CD’s ServerSideDiff endpoint. To address this issue, users should upgrade Argo CD to versions 3.2.11 or 3.3.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42880.
Read more Developer ToolsIn Dolibarr versions prior to 23.0.0 a critical severity vulnerability CVE-2026-23500 was detected. This vulnerability allows authenticated administrators to inject arbitrary OS commands and achieve remote code execution (RCE) as the web server user by manipulating the MAIN_ODT_AS_PDF configuration constant during the ODT to PDF conversion process. To address this issue, users should upgrade Dolibarr to version 23.0.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23500.
Read more ERPIn Foreman versions before 1.12.2 a medium severity vulnerability CVE-2016-6319 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the label parameter in app/helpers/form_helper.rb, as used by Remote Execution and possibly other plugins. To address this issue, users should upgrade Foreman to version 1.12.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-6319.
Read more IT Business ManagementIn Elasticsearch versions before 1.4.5 and 1.5.x before 1.5.2 a medium severity vulnerability CVE-2015-3337 was detected. This vulnerability allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled, due to a directory traversal flaw. To address this issue, users should upgrade Elasticsearch to versions 1.4.5 or 1.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-3337.
Read more Data AnalyticsIn Drupal versions 7.x before 7.52 and 8.x before 8.2.3 a medium severity vulnerability CVE-2016-9449 was detected. This vulnerability allows remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags within the taxonomy module. To address this issue, users should upgrade Drupal to versions 7.52 or 8.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-9449.
Read more Application DevelopmentIn FreeIPA versions before 3.2.0 a medium severity vulnerability CVE-2013-0336 was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.
Read more SecurityIn Foreman versions before 1.2.3 a high severity vulnerability CVE-2013-4386 was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the fqdn or hostgroup parameters. To address this issue, users should upgrade Foreman to version 1.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-4386.
Read more IT Business ManagementIn eGroupware versions before 1.8.004.20120405 a medium severity vulnerability CVE-2012-2211 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. To address this issue, users should upgrade eGroupware to version 1.8.004.20120405. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-2211.
Read more CommunicationIn Drupal versions 7.x before 7.26 a medium severity vulnerability CVE-2014-1476 was detected. This vulnerability allows remote authenticated users to obtain sensitive information by viewing unpublished content via a taxonomy listing page on sites upgraded from earlier versions. To address this issue, users should upgrade Drupal to version 7.26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-1476.
Read more Application Development